THESIS

Submitted for the degree of DOCTORATE OF THE UNIVERSITÉ DE TOULOUSE

Awarded by: Université Toulouse III - Paul Sabatier

Discipline or specialty: Computer Science

Presented and defended by Meghyn GARNER BIENVENU on 7 May 2009

Title: La génération de conséquences en logique modale (Consequence Finding in Modal Logic)

JURY

BLACKBURN Patrick, DR INRIA Nancy (member)
GASQUET Olivier, PR Université Paul Sabatier (member)
HERZIG Andreas, DR Université Paul Sabatier (thesis advisor)
LANG Jérôme, DR Université Paris Dauphine (member)
MARQUIS Pierre, PR Université d'Artois (reviewer)
MENGIN Jérôme, MCF Université Paul Sabatier (member)
ROUSSET Marie-Christine, PR Université de Grenoble (member)
WOLTER Frank, PR University of Liverpool (reviewer)

Doctoral school: Mathématiques, Informatique, et Télécommunications
Research unit: Institut de Recherche en Informatique de Toulouse
Thesis advisor(s): Andreas Herzig
Reviewers: Pierre Marquis and Frank Wolter


To Morfar


Acknowledgements

First of all, I would like to thank my thesis advisors Andreas Herzig, Jérôme Lang, and Jérôme Mengin for all of the advice, support, and encouragement they have provided me over these past few years. I feel truly lucky to have had such excellent thesis advisors, and I sincerely hope that we will find opportunities to work together again in the future.

I would also like to thank Pierre Marquis and Frank Wolter for kindly accepting to review this thesis, and Patrick Blackburn, Olivier Gasquet, and Marie-Christine Rousset for agreeing to participate in my jury.

A special thanks to Sheila McIlraith, my undergraduate summer project supervisor and first co-author, for helping me take my first steps as a researcher and for always looking out for me as if I were one of her students.

To my friends and colleagues from the LILaC and RPDMP teams at IRIT, thank you for all of the lunches, coffee breaks, and evenings we shared together. I only regret that I was not able to spend more time in Toulouse during my thesis.

To my family, thank you for your continued support over the years, and for flying all the way across the ocean to attend my defense. It meant so much to me to have you all there.

Finally, to Laurent, thank you not only for helping me through the stressful moments, but most of all, for being there to share the happy ones.


Contents

Thesis Summary
1 Introduction
2 The Modal Logic Kₙ
  2.1 Syntax
  2.2 Semantics
  2.3 Logical Consequence
  2.4 Basic Transformations
  2.5 Basic Reasoning Tasks
  2.6 Uniform Interpolation
  2.7 Relation to First-Order Logic
  2.8 Relation to Description Logics
    2.8.1 A short introduction to description logics
    2.8.2 The description logic ALC
    2.8.3 The description logic ALE
3 Prime Implicates and Prime Implicants in Kₙ
  3.1 Defining Clauses and Terms in Kₙ
    3.1.1 Impossibility result
    3.1.2 Analysis of candidate definitions
    3.1.3 Summary and discussion
  3.2 Defining Prime Implicates and Prime Implicants in Kₙ
    3.2.1 Basic definitions
    3.2.2 Desirable properties
    3.2.3 Analysis of candidate definitions
4 Generating and Recognizing Prime Implicates
  4.1 Prime Implicate Generation
    4.1.1 Prime implicate generation in propositional logic
    4.1.2 The algorithm GenPI
    4.1.3 Correctness of GenPI
    4.1.4 Bounds on prime implicate size
    4.1.5 Bounds on the number of prime implicates
    4.1.6 Improving the efficiency of GenPI
  4.2 Prime Implicate Recognition
    4.2.1 Lower bound
    4.2.2 Naïve approach
    4.2.3 Decomposition theorem
    4.2.4 Prime implicate recognition for propositional clauses
    4.2.5 Prime implicate recognition for □-formulae
    4.2.6 Prime implicate recognition for ◇-formulae
    4.2.7 The algorithm TestPI
5 Restricted Consequence Finding
  5.1 New prime implicates
    5.1.1 Properties of new prime implicates
    5.1.2 Generating and recognizing new prime implicates
  5.2 Signature-bounded prime implicates
    5.2.1 Properties of signature-bounded prime implicates
    5.2.2 Generating signature-bounded prime implicates
    5.2.3 Recognizing signature-bounded prime implicates
6 Prime Implicate Normal Form
  6.1 Motivation
  6.2 Definition of Prime Implicate Normal Form
  6.3 Properties of Prime Implicate Normal Form
    6.3.1 Tractable entailment
    6.3.2 Tractable uniform interpolation
    6.3.3 Canonicity
  6.4 Computing Prime Implicate Normal Form
  6.5 Spatial Complexity of Prime Implicate Normal Form
  6.6 Related Work
    6.6.1 Disjunctive form
    6.6.2 Linkless normal form
7 Conclusion
A Complexity Theory
Bibliography
Index

List of Figures

2.1 Graphical representation of a model
2.2 Encoding of QBF validity problem in Kₙ
2.3 Embedding of Kₙ in first-order logic
2.4 Mapping between Kₙ and ALC
2.5 Encoding of exact cover problem in ALE
3.1 Alternative encoding of QBF validity in Kₙ
3.2 Properties of candidate definitions of literals, clauses, and terms

List of Algorithms

2.1 Nnf
2.2 Dnf
2.3 Iter-Dnf
2.4 Cnf
2.5 Iter-Cnf
2.6 Sat
2.7 Entails
2.8 LangInt
4.1 GenPI
4.2 Test◇PI
4.3 TestPI
5.1 TestLangPI
6.1 Π-Entail
6.2 Π-LangInt
6.3 Pinf

Thesis Summary

What is consequence finding?

Knowledge representation is a branch of artificial intelligence that studies the various formalisms for representing information, together with the algorithms for carrying out different reasoning tasks on that information. A common approach, and the one adopted in this thesis, is to use formal logics (propositional logic or first-order logic, for example) as knowledge representation languages. In this approach, information is represented by logical formulae, and the meaning of the formulae is determined by the semantics of the logic in question.

When knowledge representation is based on a formal logic, the main reasoning problem is deduction: given two formulae ϕ and ψ, the goal is to determine whether ψ is a logical consequence of ϕ, i.e. whether ψ holds whenever ϕ does. Formally:

is it the case that ϕ ⊨ ψ?

We will see below that in some situations a simple "yes" or "no" answer is not enough. We are then interested in a more general problem: generating the logical consequences of a given formula. Formally, given ϕ:

find the ψ such that ϕ ⊨ ψ

This reasoning task is commonly called consequence finding [Mar00].

Which consequences should be generated?

When we speak of consequence finding, the first question that arises is which consequences we want to generate. We clearly cannot produce all the logical consequences of a formula, since every propositional formula has infinitely many consequences. And even if we restrict ourselves to a single consequence per equivalence class, we would still produce many redundant or irrelevant consequences. For example, if a formula has the formulae ϕ and ψ as consequences, then their conjunction ϕ ∧ ψ is also a consequence of the formula. Yet there seems little point in generating ϕ ∧ ψ when we already have ϕ and ψ. Likewise, if a formula has ϕ as a consequence, then every formula of the form ϕ ∨ ψ is also a consequence, but such consequences are of little interest. It therefore appears necessary, before any attempt to generate the consequences of a formula, to define the right subset of "relevant" consequences to produce.

How can the notion of "relevant consequence" be formalized? In propositional logic, the solution, due to Quine [Qui52, Qui55], is to consider only the strongest clausal consequences of the formula¹. We call these clauses the prime implicates of the formula. By considering only clauses, which contain no conjunction symbols, we eliminate consequences of the type ϕ ∧ ψ, and by keeping only the strongest clausal consequences, we eliminate the weaker consequences of the type ϕ ∨ ψ, where ϕ is a consequence. Since every propositional formula is equivalent to a conjunction of clauses, and every clause that is entailed by a formula ϕ is entailed by one of the prime implicates of ϕ, the prime implicates give a complete and succinct representation of the set of logical consequences of a formula.

Consequence finding in reverse

In some situations, we are interested not in the set of logical consequences of a formula ϕ but rather in the set of "causes" of ϕ, that is, the set of formulae that have ϕ as a logical consequence. In other words, we want to do consequence finding in reverse. Formally, given ϕ:

find the ψ such that ψ ⊨ ϕ

As with "standard" consequence finding, we have to decide what kind of formulae we want to produce: among all the formulae ψ such that ψ ⊨ ϕ, which ones are interesting to generate?

Since we are doing the opposite of consequence finding, what we need is the opposite of a prime implicate! Instead of considering clauses, we use the dual notion of terms², and instead of taking the strongest formulae, we take the weakest. The notion we obtain in this way is known as a prime implicant.

As one might imagine, the notions of prime implicate and prime implicant are closely related. Indeed, each of the two notions can be defined in terms of the other: the prime implicates of ϕ are all the clauses whose negation is equivalent to one of the prime implicants of ¬ϕ, and the prime implicants of ϕ are all the terms whose negation is equivalent to one of the prime implicates of ¬ϕ. Thanks to this duality, all the results we obtain for prime implicates can be transferred to prime implicants, and vice versa.

¹ We recall that in propositional logic a literal is either a propositional variable or the negation of a propositional variable, and that a clause is a disjunction of literals, e.g. a ∨ ¬b ∨ ¬c.

Prime implicates and prime implicants: what are they good for?

Prime implicates and prime implicants have been used since the 1950s in the field of electronic circuit design. Indeed, finding a circuit of height 2 that represents a given formula ϕ and has the fewest possible gates amounts to finding the most compact representation of ϕ as a disjunction of prime implicants or as a conjunction of prime implicates (see Chapter 4 of [BV04]). Karnaugh maps, a classic of undergraduate computer science courses, are nothing more than a visual method for finding such a representation for formulae with 2 or 3 variables. Similarly, the famous Quine-McCluskey minimization algorithm [McC56] begins by computing all of the prime implicants/implicates of a formula, and then extracts a minimum-cost cover from them. For formulae with a large number of variables, heuristic algorithms such as Espresso [BSVMH84] make it possible to find a low-cost cover, though without guaranteeing optimality.

From the end of the 1980s, prime implicates and prime implicants made their appearance in the field of artificial intelligence. Since then, they have been applied to many problems, such as distributed reasoning [ACG+06], belief revision (cf. [Bit07], [Pag06], [BHQ08]), non-monotonic reasoning (cf. [Prz89]), and the study of relevance (cf. [Lak95], [LLM03]). But the most important areas of application are undoubtedly knowledge compilation and abductive reasoning. In the rest of this section, we study in detail the role of consequence finding in these two areas.

² A term is a conjunction of literals.

Knowledge compilation

When knowledge representation is based on logic, a difficulty arises immediately: reasoning tasks have high computational complexity. Indeed, even for propositional logic, which is among the least expressive of the logics commonly used in knowledge representation, the deduction problem is co-NP-complete³. There is therefore little hope of finding reasoning algorithms that terminate in an acceptable time on all inputs.

Knowledge compilation (cf. [CD97], [DM02]) is a general technique for coping with the high complexity of reasoning. It comprises two phases. First comes a preliminary "off-line" phase in which the initial knowledge base (for us, a knowledge base is simply a formula in a given logic) is replaced by an equivalent knowledge base whose structure will subsequently allow efficient reasoning. Then comes the "on-line" phase in which we carry out reasoning tasks on the new knowledge base. The preliminary phase may be difficult and costly, but the idea is that this initial cost will be offset by the savings made on the reasoning carried out during the second phase.

There are a number of different methods for compiling formulae of propositional logic, but one of the best known is to represent formulae by the conjunction of their prime implicates:

ϕ ↦ π₁ ∧ ... ∧ πₙ

Propositional formulae in this form have good computational properties. In particular, it is possible to test in polynomial time whether a formula in this form entails a formula in conjunctive normal form (CNF). To see why, observe that this latter problem

π₁ ∧ ... ∧ πₙ ⊨ λ₁ ∧ ... ∧ λₘ

reduces to checking that for each of the clauses λᵢ we have

π₁ ∧ ... ∧ πₙ ⊨ λᵢ

If the formulae πⱼ were arbitrary clauses, this last problem would be very hard (co-NP-hard, to be precise). But since they are prime implicates, we can exploit the fact that every clause entailed by a formula must be entailed by one of the prime implicates of the formula. Consequently, we simply need to test whether one of the formulae πⱼ entails λᵢ:

for each λᵢ, test whether there exists πⱼ such that πⱼ ⊨ λᵢ

³ See Appendix A for the definitions of the complexity classes.

Finally, we observe that since πⱼ and λᵢ are clauses, testing whether πⱼ ⊨ λᵢ is as simple as checking that every literal in the clause πⱼ is also in λᵢ:

are the literals of πⱼ all literals of λᵢ?

We have thus described a simple and efficient algorithm for testing whether a formula represented by its prime implicates entails a given formula in CNF.

Representing formulae as the conjunction of their prime implicates also supports two important types of transformation: conditioning, where a truth value is assigned to one of the propositional variables of a formula, and uniform interpolation, where a formula is projected onto a given signature⁴. To see why this latter task is easy (in the algorithmic sense), observe that the prime implicates of the projection of a formula onto a signature are precisely the prime implicates of the formula that contain only variables belonging to the signature. This means that if a formula is represented as the conjunction of its prime implicates, uniform interpolation is as simple as removing from the conjunction all the prime implicates that contain variables not belonging to the signature.
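The compile-then-query scheme described above, as an added example (not code from the thesis): an off-line phase computes the prime implicates, after which CNF entailment is a subset test and uniform interpolation is a filter. The resolution-based compilation step, the string encoding of literals and the sample formula PHI are assumptions of this sketch.

```python
from itertools import combinations

# A literal is a string such as "a" or "-a"; a clause is a frozenset of literals.

def neg(lit):
    return lit[1:] if lit.startswith("-") else "-" + lit

def clause(*lits):
    return frozenset(lits)

def is_tautology(c):
    return any(neg(l) in c for l in c)

def remove_subsumed(clauses):
    """Keep only the subset-minimal (i.e. logically strongest) clauses."""
    cs = set(clauses)
    return {c for c in cs if not any(d < c for d in cs)}

def prime_implicates(cnf):
    """Off-line phase: saturate under resolution, then drop subsumed clauses.

    Naive and worst-case exponential; that cost is what compilation pays up front.
    """
    clauses = {c for c in cnf if not is_tautology(c)}
    while True:
        new = set()
        for c, d in combinations(clauses, 2):
            for l in c:
                if neg(l) in d:
                    r = (c - {l}) | (d - {neg(l)})
                    if not is_tautology(r) and r not in clauses:
                        new.add(r)
        if not new:
            return remove_subsumed(clauses)
        clauses |= new

def entails_clause(pis, lam):
    """On-line test: some prime implicate has all of its literals in lam.

    A tautological lam is entailed by everything, so it is accepted directly.
    """
    return is_tautology(lam) or any(pi <= lam for pi in pis)

def entails_cnf(pis, cnf):
    """pi_1 ^ ... ^ pi_n |= lambda_1 ^ ... ^ lambda_m, one clause at a time."""
    return all(entails_clause(pis, lam) for lam in cnf)

def variables(c):
    return {l.lstrip("-") for l in c}

def project(pis, signature):
    """Uniform interpolation: keep the prime implicates over the signature."""
    sig = set(signature)
    return {pi for pi in pis if variables(pi) <= sig}

# Constructed sample: (a -> b) ^ (b -> c) ^ (a v d)
PHI = [clause("-a", "b"), clause("-b", "c"), clause("a", "d")]

if __name__ == "__main__":
    pis = prime_implicates(PHI)
    print(sorted(sorted(pi) for pi in pis))
    # PHI entails c v d, but no clause of the uncompiled PHI subsumes it:
    print(any(c <= clause("c", "d") for c in PHI))   # subset test on raw CNF
    print(entails_clause(pis, clause("c", "d")))     # subset test on prime implicates
    print(project(pis, {"c", "d"}))
```

The subset test is only sound and complete on the compiled form: run against the raw clauses of PHI it misses the consequence c ∨ d.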

Abductive reasoning

Abduction is a type of reasoning whose goal is to produce possible explanations for a given observation. This mode of reasoning is central to several areas of artificial intelligence, for example diagnosis, planning, natural language understanding, and computer vision (see [EG95] for references). From the point of view of logic, an abduction problem consists of an observation (what we want to explain) and a body of knowledge, both represented by logical formulae. The goal is to find an explanation, that is, a formula that entails the observation (o) given the background knowledge (t):

find the e such that t ∧ e ⊨ o

Of course, the number of possible explanations may be very large; so once again we need a subset of "relevant" explanations. If we rewrite the abduction task as

find the e such that e ⊨ ¬t ∨ o

then the answer is obvious: we should use prime implicants! The set of relevant explanations is then simply the set of prime implicants of ¬t ∨ o.

⁴ In propositional logic, a signature is a set of propositional variables.

In reality, some caution is called for. Among the prime implicants of ¬t ∨ o are the prime implicants of ¬t, which means that some of the explanations we generate may contradict the knowledge base t. This is clearly undesirable. To eliminate these unsatisfactory explanations, we additionally require that explanations be consistent with the knowledge base. With this extra restriction, we obtain a more sophisticated version of the abduction problem:

find the e such that t ∧ e ⊨ o and t ∧ e ⊭ ⊥

which corresponds to the following task

find the e such that e ⊨ ¬t ∨ o and e ⊭ ¬t

What we are really looking for is therefore the set of prime implicants of ¬t ∨ o that do not entail ¬t. This variant of the notion of prime implicant has been studied in the literature (cf. [Ino92], [del99] and the discussion in [Mar00]).

Another restriction commonly imposed on the set of explanations is to require that they be built from a given signature (cf. [EG95], [SL96]). This means that we want to produce prime implicants that contain only propositional variables of the signature. This variant of the notion of prime implicant has been studied at length in the literature, and there are several consequence finding algorithms that can produce prime implicants of this type (cf. [Ino92], [del99], [SdV01], and the discussion in [Mar00]).
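The two restrictions on explanations, worked through on a small case as an added example (not code from the thesis). It enumerates terms by brute force rather than using any of the cited algorithms, and the theory T, the observation O and the variable names are constructed for illustration.

```python
from itertools import product

# A term is a frozenset of literals; a literal is "x" or "-x".
# Formulae are Python predicates over a model (dict: variable -> bool).

def terms(signature):
    """All consistent terms over the signature (each variable +, -, or absent)."""
    for choice in product((None, True, False), repeat=len(signature)):
        yield frozenset(
            (v if pos else "-" + v)
            for v, pos in zip(signature, choice) if pos is not None
        )

def satisfies(model, term):
    return all(model[l.lstrip("-")] != l.startswith("-") for l in term)

def models_of(term, variables):
    for bits in product((False, True), repeat=len(variables)):
        m = dict(zip(variables, bits))
        if satisfies(m, term):
            yield m

def entails(term, formula, variables):
    """term |= formula, checked over every model of the term."""
    return all(formula(m) for m in models_of(term, variables))

def prime_implicants(formula, variables, signature):
    """Weakest terms over the signature that entail the formula."""
    imps = [e for e in terms(signature) if entails(e, formula, variables)]
    return {e for e in imps if not any(d < e for d in imps)}

def explanations(t, o, variables, signature):
    """Prime implicants of (not t or o) over the signature that do not entail not t."""
    target = lambda m: (not t(m)) or o(m)
    not_t = lambda m: not t(m)
    primes = prime_implicants(target, variables, signature)
    return {e for e in primes if not entails(e, not_t, variables)}

# Constructed sample knowledge base:
#   rain -> wet, sprinkler -> wet, and the sprinkler is known to be off.
VARS = ("rain", "sprinkler", "wet")

def T(m):
    return ((not m["rain"] or m["wet"])
            and (not m["sprinkler"] or m["wet"])
            and not m["sprinkler"])

def O(m):
    return m["wet"]

if __name__ == "__main__":
    unrestricted = prime_implicants(lambda m: not T(m) or O(m), VARS, VARS)
    print(sorted(map(sorted, unrestricted)))   # includes "sprinkler", which contradicts T
    print(sorted(map(sorted, explanations(T, O, VARS, VARS))))
    print(sorted(map(sorted, explanations(T, O, VARS, ("rain", "sprinkler")))))
```

Restricting the signature to the possible causes also removes the trivial explanation that repeats the observation itself.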

Beyond classical logic

For many applications in artificial intelligence, the expressive power of propositional logic proves insufficient. First-order logic offers very high expressivity, but at the price of undecidability. Modal logics and description logics are two families of logics that offer a good compromise between expressivity and complexity, since they are in general more expressive than propositional logic but have better computational properties than first-order logic. This explains the growing tendency to use these logics for knowledge representation.

A limitation of current research on consequence finding is that it focuses almost exclusively on propositional logic and first-order logic. To our knowledge, consequence finding for modal logics or description logics has never been studied. This gap may be explained by the fact that most modal logics and description logics correspond to fragments of first-order logic. It may therefore seem pointless to study consequence finding for these logics, since it is possible to translate formulae of these logics into first-order formulae and then apply the results and algorithms already proposed for first-order logic.

The flaw in this argument is that prime implicates and prime implicants do not behave as well in first-order logic as they do in propositional logic. Indeed, in first-order logic we lose some key properties such as finiteness (formulae may have infinitely many distinct prime implicates) and equivalence (a formula is not necessarily equivalent to the set of its prime implicates) [Mar91b, Mar91a]. And since modal and description logics often have much better computational properties than first-order logic, we can reasonably hope to obtain better results by doing consequence finding directly in these logics, rather than going through first-order logic.

This is why in this thesis we propose a study of consequence finding in modal logic, and more precisely in the modal logic Kₙ. We chose the logic Kₙ for two reasons: on the one hand it is the prototypical modal logic, and on the other hand it has strong links with the description logic ALC.

The question of how to define prime implicates and prime implicants appropriately in the logic Kₙ is clearly interesting from a theoretical point of view. We argue moreover that a satisfactory solution would be promising in terms of applications. Let us briefly review two possible application areas.

A first potential application area is abductive reasoning in Kₙ. As recalled above, one of the fundamental questions of abductive reasoning is the selection of a subset of interesting explanations. This question arises with even greater force for logics such as Kₙ, for which there may be infinitely many non-equivalent formulae (so the number of distinct explanations for an abduction problem may be infinite), making it de facto impossible to generate all the explanations. Since prime implicants are the key notion for characterizing relevant explanations in propositional logic, it seems that a good starting point for the study of abductive reasoning in Kₙ would be to define a notion of prime implicate for this logic. In what follows we propose several possible definitions and compare their respective properties.

The study of prime implicates in the logic Kₙ could also prove useful for the development of compilation methods for this logic. At present, almost all work on knowledge compilation concentrates on propositional logic, although the technique could be extended to modal and description logics, for which reasoning tasks are even more complex than in propositional logic. Here again, the crucial role of the notion of prime implicate in knowledge compilation for propositional logic suggests extending this notion to richer logics such as Kₙ.

Organization of the thesis

This thesis constitutes an exploration of consequence finding in the multi-modal logic Kn. The main questions that we will address are the following:

– How can the notions of prime implicate and prime implicant be appropriately defined in Kn? Which properties do these notions retain with respect to propositional logic?

– How can one generate the prime implicates of a Kn formula?

– How can one test whether a formula is a prime implicate? What is the complexity of this task?

– How many prime implicates can a formula have? What is their size?

– How can prime implicates be used to compile formulae in Kn?

We now present a brief overview of the different chapters that make up this thesis.

Chapter 2. This chapter is an introduction to the logic Kn. Topics covered include: the syntax and semantics of Kn, terminology and notation, properties of logical consequence, transformations on Kn formulae, the main reasoning tasks and their complexity, and the relationships between the logic Kn, first-order logic, and description logics.

Chapter 3. In this chapter, we address the question of how the notions of prime implicate and prime implicant can be appropriately defined in the logic Kn. As prime implicates and prime implicants are defined in propositional logic by means of the syntactic notions of clause and term, which are not standard notions in Kn, we begin the chapter with a study of several possible definitions of clauses and terms in Kn. The different definitions are evaluated in light of their syntactic, semantic, and computational properties. We begin by defining an “ideal” set of properties that one would like clauses and terms to satisfy. We show that, alas, none of our definitions of clause and term satisfies all of these properties (we will in fact show that no possible definition satisfies them), but two of our definitions come reasonably close. In the second part of the chapter, we re-examine the proposed definitions with respect to the notions of prime implicates and prime implicants that they induce. We then show that only one of our candidate definitions of term and clause induces satisfactory notions of prime implicates and prime implicants.

Chapter 4. This chapter studies the computational properties of the notion of prime implicate that we selected in Chapter 3. In the first half of the chapter, we propose a sound and complete algorithm, GenPI, for generating the set of prime implicates of a Kn formula. Our algorithm works by decomposition: first, we write the original formula as a disjunction of simpler formulae, then we compute the prime implicates of the latter, and finally we use these prime implicates to compute the prime implicates of the original formula.

An analysis of the structure of the prime implicates constructed by our algorithm allows us to give upper bounds on the size and number of prime implicates. Precisely, we prove that every prime implicate of a formula ϕ is equivalent to a clause which is at most exponentially larger than ϕ, and that a formula can have, in the worst case, only a doubly exponential number of distinct prime implicates. We show that these bounds are optimal by giving matching lower bounds, and we prove that these bounds remain valid even for much less expressive notions of prime implicates.

The second half of the chapter concerns prime implicate recognition, which is the problem of deciding whether a clause is a prime implicate of a given formula. Although this question is interesting in itself, our main motivation is to improve the complexity of our generation algorithm GenPI, which uses an inefficient method to check whether a candidate clause is indeed a prime implicate. We propose a sound and complete algorithm TestPI for prime implicate recognition, and we show that it runs in polynomial space. This allows us to prove that the recognition problem is Pspace-complete, and hence of the same complexity as satisfiability and deduction in Kn.

Chapter 5. We noted above that certain applications (such as abduction) may require more refined variants of the notion of prime implicate. This is why in Chapter 5 we examine two variants of our notion of prime implicate: new prime implicates, which allow us to isolate the new facts that can be deduced after the addition of a piece of information, and signature-bounded prime implicates, which allow us to characterize the consequences of a formula that are built from a given signature. We study the properties of these two notions, building on the results of the preceding chapters. We show in particular that signature-bounded prime implicates do not have computational properties as good as those of standard prime implicates.

Chapter 6. In this chapter, we investigate the possibility of using our notion of prime implicate to perform knowledge compilation in Kn, as is done in propositional logic. At the start of the chapter, we explain why the simplest way of defining a normal form from our prime implicates is not satisfactory. This leads us to propose our own, more sophisticated definition. We study the properties of our normal form, showing in particular that it allows a simple entailment test by syntactic comparison (which is quite close to the procedure described earlier in the chapter for propositional logic).

We also show that uniform interpolation is easy (in the computational sense) for Kn formulae put into normal form. We then study the complexity of putting Kn formulae into normal form, and propose an algorithm for carrying out this task. We conclude the chapter with a comparison of our normal form with the other normal forms for Kn proposed in the literature.


Chapter 7. This chapter summarizes the main contributions of the thesis and proposes some interesting directions for future research.


1

Introduction

What is consequence finding?

Knowledge representation is a subfield of artificial intelligence which is concerned with the study of formalisms for representing different kinds of information and the development of procedures for performing reasoning on these representations. Many knowledge representation formalisms exist, but one popular approach, and the one we adopt in this thesis, is to utilize formal logics (propositional logic, first-order logic, etc.) as knowledge representation languages. According to this approach, information is represented using logical formulae, and the meaning of formulae is determined by the semantics of the logic in question.

The major reasoning task in logic-based knowledge representation is that of deduction: given two formulae, let’s call them ϕ and ψ, our job is to determine whether ψ is a logical consequence of ϕ, i.e. whether the truth of ϕ guarantees the truth of ψ. Symbolically,

does ϕ ⊨ ψ?

As we shall see later in the section, there are circumstances in which such a simple “yes” or “no” answer proves insufficient. Instead, what we are interested in is the more general problem of generating logical consequences of a particular formula:

find ψ such that ϕ ⊨ ψ

This reasoning task is commonly known as consequence finding [Mar00].


But which consequences should we generate?

One of the first questions that presents itself when we talk about consequence finding is which consequences do we generate? We obviously cannot generate all of the consequences of a formula, because even the simplest propositional formula has infinitely many consequences. Even if we restrict ourselves to one consequence per equivalence class, we still produce a lot of clearly irrelevant or redundant consequences. Indeed, if a formula has both ϕ and ψ as consequences, then the formula ϕ ∧ ψ is also a consequence, but it seems entirely superfluous once we have ϕ and ψ. Likewise, if a formula has a consequence ϕ, then every formula of the form ϕ ∨ ψ is also a consequence, but these consequences don’t seem to hold much interest. What we need is a way of focusing in on a relevant subset of consequences.

How can we formalize the notion of a relevant or interesting consequence? In propositional logic, the solution, due to Quine [Qui52, Qui55], is to consider only the logically strongest clauses¹ which are consequences of the formula. We call these clauses the formula’s prime implicates. By focusing on clauses, which do not contain any conjunction symbols, we avoid redundant consequences of the type ϕ ∧ ψ, and by only considering the logically strongest clausal consequences, we eliminate weaker, irrelevant consequences of the type ϕ ∨ ψ. As every propositional formula can be rewritten as a conjunction of clauses, and every clausal consequence of a formula is entailed by some prime implicate of the formula, prime implicates provide a complete yet compact representation of a formula’s consequences.

Consequence finding, in reverse

In some circumstances, we may be interested not in the logical consequences of a given formula, but rather the formulae which have this formula as a consequence. Basically, we want to do consequence finding in reverse:

find ψ such that ψ ⊨ ϕ

Just as for standard consequence finding, a key issue is selecting the right set of formulae to generate: of the many ψ which satisfy ψ ⊨ ϕ, which ones should we choose?

Well, since we are doing the opposite of consequence finding, what we need is the opposite of a prime implicate! Instead of clauses, we can use the dual notion of terms², and instead of taking the logically strongest formulae, we take the logically weakest. The resulting notion is known as a prime implicant.

1. We recall that in propositional logic a literal is a propositional variable or the negation of a propositional variable, and a clause is a disjunction of literals, e.g. a ∨ ¬b ∨ ¬c.

2. Terms are conjunctions of propositional literals.


As one might expect, prime implicates and prime implicants are very closely related. Indeed, each of these notions can be defined in terms of the other: the prime implicates of ϕ are just the clauses which are equivalent to the negation of a prime implicant of ¬ϕ, and the prime implicants of ϕ are precisely those terms whose negations are equivalent to prime implicates of ¬ϕ. This means that all of the results concerning prime implicates can be transferred to prime implicants, and vice-versa.

Prime implicates and prime implicants: what are they good for?

Prime implicates and prime implicants have been used since the fifties in the field of digital circuit synthesis: the design of minimal-cost two-level circuits comes down to finding the shortest way of representing a propositional formula as either a disjunction of a subset of its prime implicants or a conjunction of some of its prime implicates (cf. Chapter 4 of [BV04]). Karnaugh maps, a staple of undergraduate computer science courses, are really nothing more than a visual tool for isolating covering sets of prime implicants/implicates, and the famous Quine-McCluskey minimization algorithm [McC56] works by first generating the entire set of prime implicants/implicates, then computing the covering subsets with minimal cost. For circuits with large numbers of variables, heuristic methods, like Espresso [BSVMH84], allow one to produce good but not necessarily optimal prime implicate/implicant covers without the computation of the entire set of prime implicates/implicants.

Starting from the late eighties, prime implicates and prime implicants began to appear in the artificial intelligence literature. Since then, these notions have been utilized for a number of different AI problems, such as distributed reasoning [ACG+06], belief revision (cf. [Bit07], [Pag06], [BHQ08]), non-monotonic reasoning (cf. [Prz89]), and characterizations of relevance (cf. [Lak95], [LLM03]). Probably the most important domains of application, however, are knowledge compilation and abductive reasoning. In the remainder of this section, we present a detailed look at the role of consequence finding in these two areas.

Knowledge compilation

One major obstacle for logic-based knowledge representation is the high computational complexity of reasoning. Indeed, even for propositional logic, which is among the least expressive knowledge representation languages, the basic reasoning task of deduction is co-NP-complete³. This means that there is little hope of finding reasoning algorithms which terminate in a reasonable amount of time on all inputs.

3. Refer to Appendix A for the definitions of this and other complexity classes.

Knowledge compilation (cf. [CD97], [DM02]) is a general technique for coping with the intractability of reasoning. It consists of two phases: a preliminary off-line phase in which we replace the original knowledge base (for us, this is just a formula in some logic) by an equivalent knowledge base which admits efficient reasoning, followed by a second online phase in which we perform reasoning tasks on the compiled knowledge base. The off-line phase may prove difficult and costly, but the idea is that this initial cost will be offset by the computational savings on the reasoning done during the online phase.

There exist a number of different methods for compiling propositional formulae, but one of the better-known approaches is to use prime implicate normal form⁴, in which a formula is represented as the conjunction of its prime implicates:

ϕ ⟼ π₁ ∧ ... ∧ πₙ

Propositional formulae in prime implicate normal form have many nice computational properties. In particular, it is possible to test in polynomial time whether a formula in prime implicate normal form entails a formula in conjunctive normal form (CNF). To see why, we first remark that this problem

π₁ ∧ ... ∧ πₙ ⊨ λ₁ ∧ ... ∧ λₘ

can be reduced to testing whether for each of the clauses λᵢ we have

π₁ ∧ ... ∧ πₙ ⊨ λᵢ

Now if the conjuncts πⱼ were arbitrary clauses, then the latter problem would be very difficult (co-NP-hard, to be precise). But because we are dealing with prime implicates, we can take advantage of the fact that every clause implied by a formula must be implied by one of the formula’s prime implicates. This means that we just need to find a single conjunct πⱼ which implies λᵢ:

for each λᵢ, check whether there is some πⱼ such that πⱼ ⊨ λᵢ

Finally, we remark that since the πⱼ and λᵢ are all clauses, deciding whether πⱼ ⊨ λᵢ is easy since we just need to test whether each of the literals appearing in πⱼ also appears in λᵢ:

is each disjunct of πⱼ also a disjunct of λᵢ?

4. Prime implicant normal form also exists, but is a bit less common. It offers many of the same advantages as prime implicate normal form, the exception being that the uniform interpolation transformation is not tractable [DM02].


We have thus outlined a simple and efficient procedure for determining whether a formula in prime implicate normal form implies a formula in CNF. Notice that this procedure can also be used to decide entailment or equivalence between two formulae in prime implicate normal form in polynomial time.

Prime implicate normal form also supports two important transformations: conditioning, in which we assign a truth value to one of a formula’s propositional variables, and uniform interpolation (or forgetting), in which we approximate a formula over a given signature⁵. To see why the latter task is tractable, we remark that the prime implicates of the approximation of a formula over a signature are precisely those prime implicates of the original formula which do not contain any propositional variables outside the signature. This means that for formulae in prime implicate normal form, uniform interpolation is as simple as removing those conjuncts which contain one of the unwanted propositional variables.
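The entailment test and the forgetting step described above can be run on a small formula. The following Python sketch is an added example, not code from the thesis: the clause encoding ("-x" for ¬x), the function names and the sample formula are assumptions, and the off-line phase uses plain resolution saturation with subsumption, which is one standard way of computing propositional prime implicates.

```python
from itertools import combinations

# Clauses are sets of literals; "-x" stands for the negation of variable "x".
def neg(lit):
    return lit[1:] if lit.startswith("-") else "-" + lit

def is_tautology(clause):
    return any(neg(lit) in clause for lit in clause)

def strongest(clauses):
    """Drop every clause that strictly contains (is subsumed by) another."""
    clauses = set(clauses)
    return {c for c in clauses if not any(d < c for d in clauses)}

def prime_implicates(cnf):
    """Off-line phase: saturate under resolution, discarding tautologies and
    subsumed clauses. Exponential in the worst case."""
    current = strongest(c for c in map(frozenset, cnf) if not is_tautology(c))
    while True:
        derived = set(current)
        for c, d in combinations(current, 2):
            for lit in c:
                if neg(lit) in d:
                    resolvent = (c - {lit}) | (d - {neg(lit)})
                    if not is_tautology(resolvent):
                        derived.add(resolvent)
        derived = strongest(derived)
        if derived == current:
            return current
        current = derived

def entails_cnf(pis, cnf):
    """On-line phase: every clause of the CNF must contain all literals of
    some prime implicate. Tautologous clauses are always entailed and are
    checked separately, because this encoding never stores tautologies."""
    return all(is_tautology(lam) or any(pi <= lam for pi in pis)
               for lam in map(frozenset, cnf))

def forget(pis, signature):
    """Uniform interpolation: keep the prime implicates that use only
    variables from `signature`."""
    return {pi for pi in pis
            if all(lit.lstrip("-") in signature for lit in pi)}

# Constructed sample formula: (a ∨ b) ∧ (¬b ∨ c) ∧ (¬c ∨ d)
PHI = [{"a", "b"}, {"-b", "c"}, {"-c", "d"}]
PIS = prime_implicates(PHI)

if __name__ == "__main__":
    print(sorted(sorted(pi) for pi in PIS))
    print(entails_cnf(PIS, [{"a", "d", "e"}]))   # subset test on prime implicates
    print(entails_cnf(PHI, [{"a", "d"}]))        # same test on arbitrary clauses
    print(forget(PIS, {"a", "d"}))
```

Running the subset test on the uncompiled clauses of the sample formula misses the consequence a ∨ d, which is why the test is only sound and complete once the conjuncts are prime implicates.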

Abductive reasoning

Abduction is a form of reasoning that is used to generate explanations for observations. It has been applied to a number of different areas in artificial intelligence, e.g. diagnosis, planning, natural language understanding, and computer vision (refer to [EG95] for references). In logic-based approaches to abduction, an abduction problem typically consists of an observation (what we want to explain) and some background knowledge, both of which are represented by logical formulae. The objective is to find an explanation, that is, a formula which logically entails the observation (o) when taken together with the background theory (t):

find e such that t ∧ e ⊨ o

Of course, the number of possible explanations might be very large, so we need a way of characterizing the interesting explanations. If we rewrite the abduction task in terms of reverse consequence finding as follows

find e such that e ⊨ ¬t ∨ o

then the answer becomes obvious: we should use prime implicants! Thus, we can define the set of interesting explanations to be the prime implicants of ¬t ∨ o.

Well, actually we need to be a bit more careful. Among the prime implicants of ¬t ∨ o are the prime implicants of ¬t, which means that some of the explanations we generate may be in contradiction with the background knowledge. This is clearly undesirable, so in order to eliminate these unsatisfactory explanations, we generally place an additional requirement on explanations, namely that they be consistent with the background theory. This yields the following more sophisticated abduction problem:

find e such that t ∧ e ⊨ o and t ∧ e ⊭ ⊥

which corresponds, in consequence finding terms, to the following task

find e such that e ⊨ ¬t ∨ o and e ⊭ ¬t

So what we are after are those prime implicants of ¬t ∨ o which do not imply ¬t. This variant on the basic notion of prime implicant has been investigated in the consequence finding literature (cf. [Ino92], [del99] and discussion in [Mar00]).

5. In propositional logic, a signature is just a set of propositional variables.

Another common restriction on explanations is to require that they are built from a specified signature (cf. [EG95], [SL96]). In consequence-finding terms, this means that we want to look for prime implicants which only contain propositional variables belonging to the given signature. This more refined notion of prime implicant has been studied extensively in the literature, and many consequence-finding algorithms exist for producing prime implicants of this type (cf. [Ino92], [del99], [SdV01], and discussion in [Mar00]).
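The abduction task above, with both the consistency requirement and the signature restriction, can be worked through by brute force on a toy problem. This Python sketch is an added example, not an algorithm from the thesis or the cited literature: it enumerates terms and checks entailment by truth table, and the theory, observation and variable names are constructed for illustration.

```python
from itertools import combinations, product

def assignments(variables):
    for bits in product([False, True], repeat=len(variables)):
        yield dict(zip(variables, bits))

def entails(term, formula, variables):
    """term ⊨ formula, checked by truth table. A term is a frozenset of
    (variable, value) pairs, read as a conjunction of literals."""
    return all(formula(m) for m in assignments(variables)
               if all(m[v] == val for v, val in term))

def prime_implicants(formula, variables, signature):
    """Logically weakest terms over `signature` that entail `formula`.
    Terms are tried smallest first, so a term containing an earlier hit
    is strictly stronger than that hit and is skipped."""
    primes = []
    names = sorted(signature)
    for size in range(len(names) + 1):
        for chosen in combinations(names, size):
            for values in product([True, False], repeat=size):
                term = frozenset(zip(chosen, values))
                if any(p <= term for p in primes):
                    continue
                if entails(term, formula, variables):
                    primes.append(term)
    return primes

def explanations(theory, observation, variables, signature):
    """Prime implicants e of ¬t ∨ o, built from `signature`, with e ⊭ ¬t."""
    def target(m):
        return (not theory(m)) or observation(m)
    def not_theory(m):
        return not theory(m)
    return [e for e in prime_implicants(target, variables, signature)
            if not entails(e, not_theory, variables)]

# Constructed abduction problem. Background theory t: rain, the sprinkler
# and the hose each make the grass wet, and the hose is known to be off.
VARIABLES = ["rain", "sprinkler", "hose", "wet"]

def theory(m):
    return ((not m["rain"] or m["wet"])
            and (not m["sprinkler"] or m["wet"])
            and (not m["hose"] or m["wet"])
            and not m["hose"])

def observation(m):          # o: the grass is wet
    return m["wet"]

if __name__ == "__main__":
    print(explanations(theory, observation, VARIABLES,
                       {"rain", "sprinkler", "hose"}))
    print(explanations(theory, observation, VARIABLES, {"sprinkler"}))
```

In this constructed problem the term `hose` is a prime implicant of ¬t ∨ o only because it is a prime implicant of ¬t, so the consistency check removes it and leaves `rain` and `sprinkler` as explanations.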

Going beyond classical logic

For many applications in artificial intelligence, the expressive power of propositional logic proves insufficient. First-order logic provides a much greater level of expressivity, but at the price of undecidability. Modal and description logics are two families of logics which offer an interesting trade-off between expressivity and complexity, as they are generally more expressive than propositional logic yet are better-behaved computationally than first-order logic. This explains the growing trend towards using such languages for knowledge representation.

One limitation of current research in consequence finding is that it is focused almost exclusively on classical propositional and first-order logic (with an emphasis on the former). To our knowledge, there has not been any research concerning consequence finding for modal and description logics. Perhaps one explanation for this is that most modal and description logics correspond to fragments of first-order logic. Thus, one might argue that it is unnecessary to study consequence finding for these logics, since we can just map our formulae to first-order logic and do consequence finding there.

The problem with this argument is that prime implicates and prime implicants do not behave as nicely in first-order logic as in propositional logic. Indeed, we lose some key properties like finiteness (first-order logic formulae can have infinitely many distinct prime implicates) and equivalence (a first-order formula is not necessarily equivalent to its set of prime implicates) [Mar91b, Mar91a]. Given that modal and description logics have better computational properties than first-order logic, there is reason to believe that we might have better luck doing consequence finding directly in these logics, without passing by first-order logic.

This is why in this thesis we propose to study consequence finding in modal logic, and more specifically, in the modal logic Kn. We decided to study Kn because it is the prototypical modal logic, and also because of its close relationship with the well-known description logic ALC. Indeed, while the results in this thesis are presented in terms of Kn formulae, all of our results hold equally well for ALC concept expressions.

The question of how the notions of prime implicates and prime implicants can be suitably defined for the logic Kn is clearly of interest from a theoretical point of view. We argue, however, that this question is also practically relevant. To support this claim, we briefly discuss two application areas in which the study of prime implicates and prime implicants in Kn might prove useful.

One potential domain of application is abductive reasoning in Kn. As noted above, one of the key foundational issues in abductive reasoning is the selection of an interesting subset of explanations. This issue is especially crucial for logics like Kn which allow for an infinite number of non-equivalent formulae, since this means that the number of non-equivalent explanations for an abduction problem is not just large but in fact infinite, making it simply impossible to enumerate the entire set of explanations. As prime implicants are a widely-accepted means of characterizing relevant explanations in propositional logic, a reasonable starting point for research into abductive reasoning in the logic Kn is the study of different possible definitions of prime implicant in Kn and their properties.

The investigation of prime implicates in Kn is also relevant to the development of knowledge compilation procedures for Kn. Currently, most work on knowledge compilation is restricted to propositional logic, even though this technique could prove highly relevant for modal and description logics, which generally suffer from an even higher computational complexity than propositional logic. As prime implicates are one of the better-known mechanisms for compiling formulae in propositional logic, it certainly makes sense to investigate whether this approach to knowledge compilation can be fruitfully extended to logics like Kn.


Organization of this thesis

This thesis constitutes an exploration of consequence finding in the basic modal logic Kn. The main questions that we will be addressing are the following:

• How can prime implicates and prime implicants be appropriately defined in the logic Kn? What are the properties of the resulting notions?

• How can one generate the prime implicates of formulae in Kn?

• How can one test whether a formula is indeed a prime implicate? What is the complexity of this task?

• How many prime implicates can a Kn-formula have? How large can these prime implicates be?

• How can prime implicates be used for compiling Kn-formulae?

We now present a brief overview of the different chapters of this thesis.

Chapter 2. This chapter provides the necessary background material for later chapters. Topics covered include: syntax and semantics of Kn, terminology and notation, properties of logical consequence, transformations on Kn formulae, principal reasoning tasks and their complexities, and the relationship of Kn to first-order logic and description logics.

Chapter 3. In this chapter, we address the question of how the notions of prime implicates and prime implicants can be appropriately lifted from propositional logic to Kn. As prime implicates and prime implicants are defined in terms of the notions of clauses and terms, which are not standard notions in Kn, we begin the chapter by considering a number of potential definitions of clauses and terms for Kn. The different definitions are evaluated with respect to a set of syntactic, semantic, and complexity-theoretic properties characteristic of the propositional definition. None of the definitions satisfies all of these properties (indeed we show this to be impossible), but two of the definitions come reasonably close. In the second half of the chapter, we take a second look at the candidate definitions, this time evaluating them with respect to the properties of the notions of prime implicates and prime implicants that they induce. We show that only one of the candidate definitions yields a satisfactory notion of prime implicates and prime implicants.

Chapter 4. This chapter investigates the computational properties of our selected definition of prime implicate. In the first half of the chapter, we propose a sound and complete algorithm GenPI for generating prime implicates. Our algorithm adopts a decomposition-style approach: first, we rewrite the original formula as a disjunction of simpler formulae, then we compute the prime implicates of these simpler formulae, and finally, we use the prime implicates of the simpler formulae to help us compute the prime implicates of the original formula.

An analysis of the structure of the prime implicates constructed by our algorithm allows us to place upper bounds on the size and number of prime implicates. Specifically, we demonstrate that every prime implicate of a formula is equivalent to a clause which is no more than single-exponentially larger than the formula, and that a formula can possess no more than double-exponentially many prime implicates modulo equivalence. We prove these upper bounds optimal by providing matching lower bounds, and then we go further and show that the lower bounds hold even for much less expressive notions of prime implicates.

The focus of the second half of the chapter is on prime implicate recognition, which is the problem of deciding whether a given clause is a prime implicate of a formula. While this problem is interesting in and of itself, an additional motivation for studying this task is to improve our generation algorithm GenPI, which utilizes a very inefficient method for verifying whether a candidate clause is indeed a prime implicate. We propose a sound and complete procedure TestPI for recognizing prime implicates, and we show that it runs in polynomial space. This allows us to prove that the prime implicate recognition task is Pspace-complete, and hence of the same complexity as standard reasoning tasks in Kn.

Chapter 5. We saw earlier in the chapter that some applications (like abduction) can require more refined notions of prime implicates/implicants. This is why in Chapter 5 we study two variants on our notion of prime implicate: new prime implicates, which allow us to isolate the novel facts which can be derived upon arrival of new information, and signature-bounded prime implicates, which allow one to characterize the consequences of a formula which are built from a given signature. We investigate the properties of these notions, leveraging results from earlier chapters. We show in particular that signature-bounded prime implicates are less well-behaved computationally than regular prime implicates.

Chapter 6. This chapter is concerned with the application of our notion of prime implicate to the area of knowledge compilation. We begin the chapter by showing why the obvious definition of prime implicate normal form in Kn is unsatisfactory, before proposing our own more sophisticated definition. We investigate the properties of our normal form, showing in particular that entailment between formulae in prime implicate normal form can be carried out in quadratic time using a simple structural comparison algorithm (which is quite similar to the procedure outlined earlier in the chapter for propositional logic). We also show that uniform interpolation is tractable for formulae in our normal form. Later in the chapter, we propose an algorithm for putting formulae into prime implicate normal form, and we investigate the spatial complexity of this transformation, showing there to be an at most double-exponential blowup in formula size. We conclude the chapter with a comparison of prime implicate normal form to existing normal forms for Kn formulae.

Chapter 7. In this chapter, we summarize the main contributions of the thesis

and indicate some interesting avenues of future research.

Appendix A. We provide in this appendix a brief review of computational complexity theory, in which we recall the definitions of the different complexity classes appearing in this thesis.

Relevant publications

Some of the results presented in this thesis have been previously published:

• A complete version of Chapters 3 and 4 can be found in the journal paper

[Bie09]. Many of the results of Chapter 3 and some results from Chapter 4

first appeared in an earlier conference paper [Bie07b] (but with some errors).

• Some parts of Chapter 5 were presented in the workshop paper [Bie07a].

• Many of the results in Chapter 6, rephrased in terms of the description logic

ALC, were published in [Bie08b] (and were also presented in [Bie08c]).

Two related publications which were obtained during the author’s doctoral studies

but are not presented in this thesis are:

• [BHQ08], which introduces a prime-implicate based revision procedure

• [Bie08a], which presents complexity results for abductive reasoning in the EL

family of description logics

2 The Modal Logic Kn

In this chapter, we introduce the basics of the modal logic Kn¹. We begin by

recalling the syntax and semantics of the logic Kn and introducing some key notation

and terminology. Next, we highlight some properties of logical consequence in Kn

which will prove useful to us in later chapters. After that, we introduce some basic

transformations and reasoning tasks in Kn and study their properties. Finally, at the

end of the chapter, we discuss the relationship of the modal logic Kn with first-order

logic and with description logics.

Several of the results presented in this chapter have appeared previously in the

literature, but we have chosen to include proofs of these results in order to make this

thesis as self-contained as possible.

2.1 Syntax

Formulae in Kn are built up from a set of propositional variables V, the standard logical connectives (¬, ∧, and ∨), and the modal operators □_i and ◇_i (for 1 ≤ i ≤ n). For convenience, we will also include the special zero-ary connectives ⊤ and ⊥ to represent the tautology and contradiction, and we will often treat ∧ and ∨ as multiple-arity connectives. In the special case where n = 1, we will write K instead of K1, and we will use □ and ◇ in place of □_1 and ◇_1.

Where convenient, we will use ϕ → ψ as an abbreviation for ¬ϕ ∨ ψ. We adopt the shorthand □_i^k ϕ (resp. ◇_i^k ϕ) to refer to the formula consisting of ϕ preceded by k copies of □_i (resp. ◇_i), with the convention that □_i^0 ϕ = ◇_i^0 ϕ = ϕ.

1. Refer to [BdV01], [Che80], or [BvW06] for good introductions to modal logic.

We will use var(ϕ) to refer to the set of propositional variables appearing in a formula ϕ. A signature for Kn is defined to be a subset of V ∪ {1, 2, ..., n}. For example, if V = {a, b, c} and n = 3, then both {1, 3, a} and {a, b, c} would be valid signatures. The signature of a formula ϕ, written sig(ϕ), is defined to be the union of var(ϕ) and the set of numbers j such that □_j or ◇_j appears in ϕ. For example, we have sig(□_1 ◇_2 (a ∨ c)) = {1, 2, a, c}.

The (modal) depth of a formula ϕ, written δ(ϕ), is defined as the maximal number of nested modal operators appearing in ϕ, e.g. δ(◇(a ∧ □a) ∨ a) = 2.

We define the length (or size) of a formula ϕ, written |ϕ|, to be the number of occurrences of propositional variables, logical connectives, and modal operators in ϕ. So for example, we would have |(a ∧ ¬b)| = 4 and |◇_1(a ∨ b) ∧ □_2 a| = 7.

The set of subformulae of a formula ϕ, denoted Sub(ϕ), is defined recursively as follows:

Sub(⊤) = {⊤}
Sub(⊥) = {⊥}
Sub(a) = {a} (for a ∈ V)
Sub(¬ψ) = {¬ψ} ∪ Sub(ψ)
Sub(ψ_1 ∧ ψ_2) = {ψ_1 ∧ ψ_2} ∪ Sub(ψ_1) ∪ Sub(ψ_2)
Sub(ψ_1 ∨ ψ_2) = {ψ_1 ∨ ψ_2} ∪ Sub(ψ_1) ∪ Sub(ψ_2)
Sub(□_i ψ) = {□_i ψ} ∪ Sub(ψ)
Sub(◇_i ψ) = {◇_i ψ} ∪ Sub(ψ)

For example, the subformulae of ¬(a ∨ □_2(b ∧ ◇_1 ⊤)) are: ¬(a ∨ □_2(b ∧ ◇_1 ⊤)), a ∨ □_2(b ∧ ◇_1 ⊤), a, □_2(b ∧ ◇_1 ⊤), b ∧ ◇_1 ⊤, b, ◇_1 ⊤, and ⊤. It is easily shown by induction that the cardinality of Sub(ϕ) can never exceed |ϕ|.

An occurrence of a subformula σ of a formula ϕ is said to be in the scope of a modal operator q just in the case that there is a subformula qχ of ϕ such that χ contains the occurrence of σ. For instance, the first occurrence of the subformula a in (□_1 ◇_2 a) ∨ ¬a is in the scope of the modal operators □_1 and ◇_2, but the second occurrence of a is outside the scope of any modal operators.

We will call a formula of the form □_i ϕ (resp. ◇_i ϕ) a □-formula (resp. ◇-formula). We will say that a formula is basic if it is either a propositional literal or a □- or ◇-formula. A formula will be called disjunctive if it is a disjunction of basic formulae. A formula is said to be conjunctive if it is a conjunction of basic formulae.

We introduce some notation in order to refer to different components of disjunctive and conjunctive formulae. If ϕ is a disjunctive (resp. conjunctive) formula, then Prop(ϕ) is defined to be the set of propositional literals which are disjuncts (resp. conjuncts) of ϕ. If ϕ is a disjunctive (resp. conjunctive) formula, then Box_i(ϕ) is defined to be the set of formulae ψ such that □_i ψ is a disjunct (resp. conjunct) of ϕ. Similarly, Diam_i(ϕ) is defined as the set of formulae ψ such that ◇_i ψ is a disjunct (resp. conjunct) of ϕ. For example, for the disjunctive formula ϕ = ¬a ∨ ¬b ∨ □_1 c ∨ □_1 ◇_2 ⊤ ∨ ◇_1 ⊤, we have Prop(ϕ) = {¬a, ¬b}, Box_1(ϕ) = {c, ◇_2 ⊤}, Box_2(ϕ) = Diam_2(ϕ) = ∅, and Diam_1(ϕ) = {⊤}. For the conjunctive formula ψ = c ∧ □_1 ⊥ ∧ □_2 a ∧ ◇_2(a ∨ □_1 b) ∧ ◇_2 c, we have Prop(ψ) = {c}, Box_1(ψ) = {⊥}, Box_2(ψ) = {a}, Diam_1(ψ) = ∅, and Diam_2(ψ) = {a ∨ □_1 b, c}.

(a)
W = {w, x, y, z}
R_1 = {(x, w), (x, z), (y, y)}
R_2 = {(x, y), (z, y), (y, y)}
v(a) = {w, y}
v(b) = {y}
v(c) = {w, x, y}

(b) [Graph of the model: vertices w {a, c}, x {c}, z ∅, and y {a, b, c}, with edges labelled 1 or 2 according to R_1 and R_2.]

Figure 2.1: An example model and its graphical representation.

A Kn-formula is said to be in negation normal form (NNF) just in the case that it does not contain → and every negation symbol appears directly in front of propositional variables. Every formula in Kn can be transformed in linear time into an equivalent formula in NNF of the same modal depth via a straightforward application of the standard logical equivalences. More details on the NNF transformation can be found in Section 2.4.

2.2 Semantics

A model (or interpretation) for Kn is a tuple M = ⟨W, {R_i}_{i=1}^{n}, v⟩, where W is a non-empty set of possible worlds, each R_i ⊆ W × W is a binary relation over worlds, and v : V → 2^W defines for each propositional variable the set of worlds in which the variable holds. Models can be seen as labelled directed graphs, in which the vertices correspond to the elements of W, the directed edges represent the binary relations, and the vertices are labelled by the set of propositional variables which hold in the corresponding possible world. In Figure 2.1, we give an example of a model and its corresponding graphical representation.

Satisfaction of a formula ϕ in a model M at the world w (written M, w |= ϕ) is

defined inductively as follows:

• M, w |= ⊤
• M, w ⊭ ⊥
• M, w |= a if and only if w ∈ v(a)
• M, w |= ¬ϕ if and only if M, w ⊭ ϕ
• M, w |= ϕ ∧ ψ if and only if M, w |= ϕ and M, w |= ψ
• M, w |= ϕ ∨ ψ if and only if M, w |= ϕ or M, w |= ψ
• M, w |= □_i ϕ if and only if M, w′ |= ϕ for every w′ such that (w, w′) ∈ R_i
• M, w |= ◇_i ϕ if and only if M, w′ |= ϕ for some w′ such that (w, w′) ∈ R_i

If we think of models as labelled directed graphs, then determining the satisfaction of a formula □_i ϕ at vertex w consists in evaluating ϕ at all of the vertices which can be reached from w via an i-labelled edge; □_i ϕ is satisfied at w just in the case that ϕ holds in each of these successor vertices. Similarly, in order to decide whether a formula ◇_i ϕ holds at a vertex w, we consider each of the i-successors of w in the graph and check whether at least one of these vertices satisfies ϕ.

Example 2.2.1.

Let M be the model defined in Figure 2.1. We have:

• M, w |= a, since w ∈ v(a)

• M, w |= □_1 ⊥, since there is no world u such that (w, u) ∈ R_1
• M, w |= a ∧ □_1 ⊥, since both M, w |= a and M, w |= □_1 ⊥
• M, z |= ¬a, since M, z ⊭ a
• M, x |= ◇_1 ¬a, since (x, z) ∈ R_1 and M, z |= ¬a
• M, x |= □_1 □_1 ⊥, since w and z are the only 1-successors of x, and both M, w |= □_1 ⊥ and M, z |= □_1 ⊥
• M, x |= □_2(a ∧ b ∧ c), since the only 2-successor of x is y and M, y |= a ∧ b ∧ c
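The definitions of Sections 2.1 and 2.2 can be executed directly. The following Python sketch is an added illustration, not code from the thesis: it encodes formulae as nested tuples (an encoding chosen here), implements sig, δ, |ϕ|, Sub and the satisfaction relation, and re-checks Example 2.2.1 on the model of Figure 2.1. All function and constant names are assumptions of this example.

```python
# Formulae are nested tuples (a representation chosen for this example):
#   ("var", "a")  ("top",)  ("bot",)  ("not", f)
#   ("and", f, g)  ("or", f, g)  ("box", i, f)  ("dia", i, f)

def sig(f):
    """sig(f): variables of f plus the indices i of its modal operators."""
    op = f[0]
    if op == "var":
        return {f[1]}
    if op in ("top", "bot"):
        return set()
    if op in ("box", "dia"):
        return {f[1]} | sig(f[2])
    return set().union(*(sig(g) for g in f[1:]))

def depth(f):
    """Modal depth: maximal number of nested box/dia operators."""
    op = f[0]
    if op in ("var", "top", "bot"):
        return 0
    if op in ("box", "dia"):
        return 1 + depth(f[2])
    return max(depth(g) for g in f[1:])

def size(f):
    """|f|: occurrences of variables, connectives and modal operators."""
    op = f[0]
    if op in ("var", "top", "bot"):
        return 1
    if op in ("box", "dia"):
        return 1 + size(f[2])
    return 1 + sum(size(g) for g in f[1:])

def sub(f):
    """Sub(f): the set of subformulae, following the recursive definition."""
    op = f[0]
    if op in ("var", "top", "bot"):
        return {f}
    if op in ("box", "dia"):
        return {f} | sub(f[2])
    return {f}.union(*(sub(g) for g in f[1:]))

def sat(M, w, f):
    """M, w |= f, by induction on f exactly as in Section 2.2."""
    op = f[0]
    if op == "top":
        return True
    if op == "bot":
        return False
    if op == "var":
        return w in M["v"].get(f[1], set())
    if op == "not":
        return not sat(M, w, f[1])
    if op == "and":
        return sat(M, w, f[1]) and sat(M, w, f[2])
    if op == "or":
        return sat(M, w, f[1]) or sat(M, w, f[2])
    successors = [u for (t, u) in M["R"][f[1]] if t == w]
    if op == "box":                      # vacuously true without successors
        return all(sat(M, u, f[2]) for u in successors)
    return any(sat(M, u, f[2]) for u in successors)

# The model of Figure 2.1.
FIG_2_1 = {
    "W": {"w", "x", "y", "z"},
    "R": {1: {("x", "w"), ("x", "z"), ("y", "y")},
          2: {("x", "y"), ("z", "y"), ("y", "y")}},
    "v": {"a": {"w", "y"}, "b": {"y"}, "c": {"w", "x", "y"}},
}

A, B, C = ("var", "a"), ("var", "b"), ("var", "c")
TOP, BOT = ("top",), ("bot",)
def box(i, f): return ("box", i, f)
def dia(i, f): return ("dia", i, f)

def example_2_2_1(M=FIG_2_1):
    """Truth values of the seven claims of Example 2.2.1, in order."""
    return [
        sat(M, "w", A),
        sat(M, "w", box(1, BOT)),
        sat(M, "w", ("and", A, box(1, BOT))),
        sat(M, "z", ("not", A)),
        sat(M, "x", dia(1, ("not", A))),
        sat(M, "x", box(1, box(1, BOT))),
        sat(M, "x", box(2, ("and", A, ("and", B, C)))),
    ]

if __name__ == "__main__":
    print(example_2_2_1())
```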

A formula ϕ is said to be a tautology, written |= ϕ, if M, w |= ϕ for every model M and world w. A formula ϕ is satisfiable if there is some model M and some world w such that M, w |= ϕ. If there is no M and w for which M, w |= ϕ, then ϕ is called unsatisfiable, and we write ϕ |= ⊥.

2.3 Logical Consequence

In modal logic, there are two different ways of defining logical consequence (cf.

[van83] for discussion):

• a formula ψ is a global consequence of ϕ if whenever M, w |= ϕ for every world

w of a model M, then M, w |= ψ for every world w of M

• a formula ψ is a local consequence of ϕ if M, w |= ϕ implies M, w |= ψ for

every model M and world w

In this thesis, we will be focusing on local consequence, firstly because this is the notion of consequence most often used in the modal logic literature, and secondly because the local consequence relation is better-behaved than the global consequence relation in some important respects. In particular, the deduction theorem, familiar from classical logic, holds only with respect to the local consequence relation. In what follows, we will take ϕ |= ψ to mean that ψ is a local consequence of ϕ, and we will say that ϕ (logically) entails ψ. Two formulae ϕ and ψ will be called equivalent, written ϕ ≡ ψ, if both ϕ |= ψ and ψ |= ϕ. A formula ϕ is said to be logically stronger than ψ if ϕ |= ψ and ψ ⊭ ϕ.

In the remainder of this section, we highlight some basic properties of logical

consequence in Kn, some well-known and some less so, which will play an important

role in the proofs of our results.

Theorem 2.3.1.

Let γ be a propositional formula, let ψ, χ, ψ_i, χ_i, ψ_{i,j}, χ_{i,j} be formulae in Kn, and let k be an integer between 1 and n. Then

1. ψ |= χ ⇔ |= ¬ψ ∨ χ ⇔ ψ ∧ ¬χ |= ⊥
2. ◇_k ψ ≡ ¬□_k ¬ψ
3. ψ |= χ ⇔ ◇_k ψ |= ◇_k χ ⇔ □_k ψ |= □_k χ
4. □_k(ψ_1 ∧ ψ_2 ∧ ... ∧ ψ_m) ≡ □_k ψ_1 ∧ □_k ψ_2 ∧ ... ∧ □_k ψ_m
5. ◇_k(ψ_1 ∨ ψ_2 ∨ ... ∨ ψ_m) ≡ ◇_k ψ_1 ∨ ◇_k ψ_2 ∨ ... ∨ ◇_k ψ_m
6. γ ∧ ⋀_{i=1}^{n} (◇_i ψ_{i,1} ∧ ... ∧ ◇_i ψ_{i,l_i} ∧ □_i χ_{i,1} ∧ ... ∧ □_i χ_{i,m_i}) |= ⊥
   ⇔ γ |= ⊥ or ψ_{i,j} ∧ χ_{i,1} ∧ ... ∧ χ_{i,m_i} |= ⊥ for some 1 ≤ i ≤ n and 1 ≤ j ≤ l_i
7. |= γ ∨ ⋁_{i=1}^{n} (◇_i ψ_{i,1} ∨ ... ∨ ◇_i ψ_{i,l_i} ∨ □_i χ_{i,1} ∨ ... ∨ □_i χ_{i,m_i})
   ⇔ |= γ or |= ψ_{i,1} ∨ ... ∨ ψ_{i,l_i} ∨ χ_{i,j} for some 1 ≤ i ≤ n and 1 ≤ j ≤ m_i
8. □_k χ |= □_k χ_1 ∨ ... ∨ □_k χ_m ⇔ χ |= χ_i for some 1 ≤ i ≤ m
9. ◇_k ψ_1 ∨ ... ∨ ◇_k ψ_l ∨ □_k χ_1 ∨ ... ∨ □_k χ_m
   ≡ ◇_k ψ_1 ∨ ... ∨ ◇_k ψ_l ∨ □_k(χ_1 ∨ ψ_1 ∨ ... ∨ ψ_l) ∨ ... ∨ □_k(χ_m ∨ ψ_1 ∨ ... ∨ ψ_l)

Proof. The first statement is a well-known property of local consequence, but we prove it here for completeness:

ψ |= χ ⇔ M, w |= ψ implies M, w |= χ for all M, w
⇔ M, w ⊭ ψ or M, w |= χ for all M, w
⇔ M, w |= ¬ψ or M, w |= χ for all M, w
⇔ |= ¬ψ ∨ χ
⇔ M, w ⊭ ψ ∧ ¬χ for all M, w
⇔ ψ ∧ ¬χ |= ⊥

The second statement is also standard, and can be simply proved as follows:

M, w |= ◇_k ψ ⇔ there is some v such that (w, v) ∈ R_k and M, v |= ψ
⇔ there is some v such that (w, v) ∈ R_k and M, v ⊭ ¬ψ
⇔ M, w ⊭ □_k ¬ψ
⇔ M, w |= ¬□_k ¬ψ

For the third statement, if ψ ⊭ χ, then there is some M, w such that M, w |= ψ ∧ ¬χ. Create a new model M′ from M by adding a new world w′ and placing a single k-arc from w′ to w. Then M′, w′ |= ◇_k ψ ∧ □_k ¬χ, which means that ◇_k ψ ∧ □_k ¬χ is satisfiable and hence ◇_k ψ ⊭ ◇_k χ (using statements 1 and 2). For the other direction, suppose ◇_k ψ ⊭ ◇_k χ. Then there exists M, w such that M, w |= ◇_k ψ ∧ ¬◇_k χ ≡ ◇_k ψ ∧ □_k ¬χ. But this means that there is some w′ for which M, w′ |= ψ ∧ ¬χ, hence ψ ⊭ χ. To complete the proof, we use the following chain of equivalences: □_k ψ |= □_k χ ⇔ ¬□_k χ |= ¬□_k ψ ⇔ ◇_k ¬χ |= ◇_k ¬ψ ⇔ ¬χ |= ¬ψ ⇔ ψ |= χ.

For statement 4, we have M, w |= □_k(ψ_1 ∧ ψ_2 ∧ ... ∧ ψ_m) if and only if M, w′ |= ψ_1 ∧ ψ_2 ∧ ... ∧ ψ_m for every w′ with w R_k w′ if and only if M, w′ |= ψ_i for every w′ with w R_k w′ and 1 ≤ i ≤ m if and only if M, w |= □_k ψ_i for every 1 ≤ i ≤ m if and only if M, w |= □_k ψ_1 ∧ □_k ψ_2 ∧ ... ∧ □_k ψ_m.

Statement 5 is shown as follows: M, w |= ◇_k(ψ_1 ∨ ψ_2 ∨ ... ∨ ψ_m) if and only if M, w′ |= ψ_1 ∨ ψ_2 ∨ ... ∨ ψ_m for some w′ with w R_k w′ if and only if M, w′ |= ψ_i for some 1 ≤ i ≤ m and w′ with w R_k w′ if and only if M, w |= ◇_k ψ_i for some 1 ≤ i ≤ m if and only if M, w |= ◇_k ψ_1 ∨ ◇_k ψ_2 ∨ ... ∨ ◇_k ψ_m.

For 6, suppose γ ∧ ⋀_{i=1}^{n} (◇_i ψ_{i,1} ∧ ... ∧ ◇_i ψ_{i,l_i} ∧ □_i χ_{i,1} ∧ ... ∧ □_i χ_{i,m_i}) ⊭ ⊥. Then there exist M, w such that M, w |= γ ∧ ⋀_{i=1}^{n} (◇_i ψ_{i,1} ∧ ... ∧ ◇_i ψ_{i,l_i} ∧ □_i χ_{i,1} ∧ ... ∧ □_i χ_{i,m_i}). As M, w |= γ, we cannot have γ |= ⊥, nor can we have ψ_{i,j} ∧ χ_{i,1} ∧ ... ∧ χ_{i,m_i} |= ⊥ since for each i and each 1 ≤ j ≤ l_i there is some w′ accessible from w via an i-arc such that M, w′ |= ψ_{i,j} ∧ χ_{i,1} ∧ ... ∧ χ_{i,m_i}. Now for the other direction suppose that γ and all of the formulae ψ_{i,j} ∧ χ_{i,1} ∧ ... ∧ χ_{i,m_i} (for 1 ≤ i ≤ n and 1 ≤ j ≤ l_i) are satisfiable. Then there is some propositional model w of γ, and for each pair i, j, we can find M_{i,j}, w_{i,j} such that M_{i,j}, w_{i,j} |= ψ_{i,j} ∧ χ_{i,1} ∧ ... ∧ χ_{i,m_i}. Now we construct a new Kripke structure which contains the models M_{i,j} and the world w and in which there are i-arcs going from w to each of the w_{i,j}. It can be easily verified that this new model M_new is such that M_new, w |= γ ∧ ⋀_{i=1}^{n} (◇_i ψ_{i,1} ∧ ... ∧ ◇_i ψ_{i,l_i} ∧ □_i χ_{i,1} ∧ ... ∧ □_i χ_{i,m_i}), which means this formula is satisfiable.

Statement 7 follows easily from the sixth statement. We simply notice that γ ∨ ⋁_{i=1}^{n} (◇_i ψ_{i,1} ∨ ... ∨ ◇_i ψ_{i,l_i} ∨ □_i χ_{i,1} ∨ ... ∨ □_i χ_{i,m_i}) is a tautology just in the case that its negation ¬γ ∧ ⋀_{i=1}^{n} (□_i ¬ψ_{i,1} ∧ ... ∧ □_i ¬ψ_{i,l_i} ∧ ◇_i ¬χ_{i,1} ∧ ... ∧ ◇_i ¬χ_{i,m_i}) is unsatisfiable.

For 8, we use statements 1 and 7 to get the following chain of equivalences:

□_k χ |= □_k χ_1 ∨ ... ∨ □_k χ_m
⇔ |= ◇_k ¬χ ∨ □_k χ_1 ∨ ... ∨ □_k χ_m
⇔ |= ¬χ ∨ χ_i for some 1 ≤ i ≤ m
⇔ χ |= χ_i for some 1 ≤ i ≤ m

The first implication of the equivalence in 9 is immediate since ◇_k ψ_1 ∨ ... ∨ ◇_k ψ_l |= ◇_k ψ_1 ∨ ... ∨ ◇_k ψ_l and □_k χ_i |= □_k(χ_i ∨ ψ_1 ∨ ... ∨ ψ_l) for all 1 ≤ i ≤ m. For the other direction, we remark that by using statements 1, 2, and 6, we get the following equivalences:

□_k(χ_i ∨ ψ_1 ∨ ... ∨ ψ_l) |= □_k χ_i ∨ ◇_k ψ_1 ∨ ... ∨ ◇_k ψ_l
⇔ □_k(χ_i ∨ ψ_1 ∨ ... ∨ ψ_l) ∧ ¬(□_k χ_i ∨ ◇_k ψ_1 ∨ ... ∨ ◇_k ψ_l) |= ⊥
⇔ □_k(χ_i ∨ ψ_1 ∨ ... ∨ ψ_l) ∧ ◇_k ¬χ_i ∧ □_k ¬ψ_1 ∧ ... ∧ □_k ¬ψ_l |= ⊥
⇔ (χ_i ∨ ψ_1 ∨ ... ∨ ψ_l) ∧ ¬χ_i ∧ ¬ψ_1 ∧ ... ∧ ¬ψ_l |= ⊥

As (χ_i ∨ ψ_1 ∨ ... ∨ ψ_l) ∧ ¬χ_i ∧ ¬ψ_1 ∧ ... ∧ ¬ψ_l is clearly unsatisfiable, it follows that □_k(χ_i ∨ ψ_1 ∨ ... ∨ ψ_l) |= □_k χ_i ∨ ◇_k ψ_1 ∨ ... ∨ ◇_k ψ_l for every i and hence that ◇_k ψ_1 ∨ ... ∨ ◇_k ψ_l ∨ □_k(χ_1 ∨ ψ_1 ∨ ... ∨ ψ_l) ∨ ... ∨ □_k(χ_m ∨ ψ_1 ∨ ... ∨ ψ_l) |= ◇_k ψ_1 ∨ ... ∨ ◇_k ψ_l ∨ □_k χ_1 ∨ ... ∨ □_k χ_m.

Statement 1 of Theorem 2.3.1 shows us how the three reasoning tasks of deduction, unsatisfiability, and tautology-testing can be rephrased in terms of one another. The second statement shows how the ◇ and □ modal operators can be rephrased in terms of one another. Statement 3 tells us how entailment between two □- or ◇-formulae can be reduced to entailment between those formulae with the first modality removed. Statement 4 states the distributivity of conjunction over universal modalities, whereas statement 5 gives the distributivity of disjunction over existential modalities. Statements 6 and 7 define the conditions under which a conjunctive (resp. disjunctive) formula is unsatisfiable (resp. a tautology). Statement 8 gives us the conditions under which a □-formula implies a disjunction of □-formulae. Statement 9 demonstrates the interaction between □- and ◇-formulae in a disjunctive formula.

The next two theorems concern entailment between disjunctive formulae. Theorem 2.3.2 tells us what kinds of disjunctive formulae can entail a propositional clause, a disjunction of ◇-formulae, or a disjunction of □-formulae, while Theorem 2.3.3 outlines the conditions under which two disjunctive formulae can be related to each other by the entailment relation.

Theorem 2.3.2.

Let λ be a disjunctive formula in Kn. Then each of the following statements holds:

1. If λ |= γ for some non-tautological propositional clause γ, then every disjunct of λ is either a propositional literal or a formula ◇_i ψ where ψ |= ⊥
2. If λ |= ◇_i ψ_1 ∨ ... ∨ ◇_i ψ_l, then every disjunct of λ must be of the form ◇_i ψ
3. If λ |= □_i χ_1 ∨ ... ∨ □_i χ_m and ⊭ □_i χ_1 ∨ ... ∨ □_i χ_m, then every disjunct of λ is either a formula of the form □_i χ or a formula ◇_j ψ where ψ |= ⊥

Proof. For (1), let γ be a non-tautologous propositional clause such that λ |= γ, and suppose for a contradiction that λ contains a disjunct □_i χ or a disjunct ◇_i ψ where ψ ⊭ ⊥. In the first case, we have □_i χ |= γ, and hence |= ◇_i ¬χ ∨ γ. It follows from Theorem 2.3.1 that |= γ, contradicting our assumption that γ is not a tautology. In the second case, we have ◇_i ψ |= γ, and hence |= □_i ¬ψ ∨ γ. By Theorem 2.3.1, either |= ¬ψ or |= γ. In both cases, we reach a contradiction since we have assumed that ψ ⊭ ⊥ and ⊭ γ. It follows then that λ cannot have any □-formulae or any satisfiable ◇-formulae as disjuncts.

The proofs of (2) and (3) proceed similarly.

Theorem 2.3.3.

Let

λ = γ ∨ ⋁_{i=1}^{n} (◇_i ψ_{i,1} ∨ ... ∨ ◇_i ψ_{i,l_i} ∨ □_i χ_{i,1} ∨ ... ∨ □_i χ_{i,m_i})

and

λ′ = γ′ ∨ ⋁_{i=1}^{n} (◇_i ψ′_{i,1} ∨ ... ∨ ◇_i ψ′_{i,p_i} ∨ □_i χ′_{i,1} ∨ ... ∨ □_i χ′_{i,q_i})

be formulae in Kn. If γ and γ′ are both propositional and ⊭ λ′, then λ |= λ′ if and only if the following three conditions hold:

1. γ |= γ′
2. for every 1 ≤ i ≤ n: ψ_{i,1} ∨ ... ∨ ψ_{i,l_i} |= ψ′_{i,1} ∨ ... ∨ ψ′_{i,p_i}
3. for every 1 ≤ i ≤ n and every 1 ≤ j ≤ m_i: there is some 1 ≤ k ≤ q_i such that χ_{i,j} |= ψ′_{i,1} ∨ ... ∨ ψ′_{i,p_i} ∨ χ′_{i,k}

Proof. Since we have ⊭ λ′, we know by Theorem 2.3.1 that ⊭ γ′ and that ⊭ ψ′_{i,1} ∨ ... ∨ ψ′_{i,p_i} ∨ χ′_{i,k} for all values of i and k. Using this information together with Theorem 2.3.1, we obtain the following equivalences, for 1 ≤ i ≤ n and 1 ≤ j ≤ m_i:

γ |= λ′ ⇔ |= ¬γ ∨ γ′ ∨ ⋁_{i=1}^{n} (◇_i ψ′_{i,1} ∨ ... ∨ ◇_i ψ′_{i,p_i} ∨ □_i χ′_{i,1} ∨ ... ∨ □_i χ′_{i,q_i})
⇔ |= ¬γ ∨ γ′
⇔ γ |= γ′

◇_i ψ_{i,1} ∨ ... ∨ ◇_i ψ_{i,l_i} |= λ′ ⇔ ◇_i(ψ_{i,1} ∨ ... ∨ ψ_{i,l_i}) |= λ′
⇔ |= γ′ ∨ □_i ¬(ψ_{i,1} ∨ ... ∨ ψ_{i,l_i}) ∨ ⋁_{i=1}^{n} (◇_i ψ′_{i,1} ∨ ... ∨ ◇_i ψ′_{i,p_i} ∨ □_i χ′_{i,1} ∨ ... ∨ □_i χ′_{i,q_i})
⇔ |= ¬(ψ_{i,1} ∨ ... ∨ ψ_{i,l_i}) ∨ ψ′_{i,1} ∨ ... ∨ ψ′_{i,p_i}
⇔ ψ_{i,1} ∨ ... ∨ ψ_{i,l_i} |= ψ′_{i,1} ∨ ... ∨ ψ′_{i,p_i}

□_i χ_{i,j} |= λ′ ⇔ |= γ′ ∨ ◇_i ¬χ_{i,j} ∨ ⋁_{i=1}^{n} (◇_i ψ′_{i,1} ∨ ... ∨ ◇_i ψ′_{i,p_i} ∨ □_i χ′_{i,1} ∨ ... ∨ □_i χ′_{i,q_i})
⇔ |= ψ′_{i,1} ∨ ... ∨ ψ′_{i,p_i} ∨ ¬χ_{i,j} ∨ χ′_{i,k} for some k
⇔ χ_{i,j} |= ψ′_{i,1} ∨ ... ∨ ψ′_{i,p_i} ∨ χ′_{i,k} for some k

To complete the proof, we use the fact that λ |= λ′ if and only if γ |= λ′, ◇_i ψ_{i,1} ∨ ... ∨ ◇_i ψ_{i,l_i} |= λ′ for every 1 ≤ i ≤ n, and □_i χ_{i,j} |= λ′ for every 1 ≤ i ≤ n and 1 ≤ j ≤ m_i.

We illustrate Theorem 2.3.3 on a small example.

Example 2.3.4.

Consider the formula λ = ¬b ∨ ◇(a ∧ ◇c) ∨ ◇(d ∧ □a) ∨ □(c ∨ d). Then according to Theorem 2.3.3, we have:

• λ |= ¬b ∨ ¬d ∨ ◇(a ∨ d) ∨ □c, since ¬b |= ¬b ∨ ¬d and (a ∧ ◇c) ∨ (d ∧ □a) |= a ∨ d and c ∨ d |= c ∨ (a ∨ d)
• λ ⊭ a ∨ ◇c, since ¬b ⊭ a
• λ ⊭ a ∨ ¬b ∨ ◇(a ∧ c), since (a ∧ ◇c) ∨ (d ∧ □a) ⊭ a ∧ c
• λ ⊭ ¬b ∨ ◇(a ∨ □a) ∨ □c, since c ∨ d ⊭ c ∨ (a ∨ □a)

2.4 Basic Transformations

Very often it will prove convenient to us to work with formulae having a certain

syntactic form. In this section, we introduce three procedures for transforming

formulae into equivalent formulae with a special syntactic structure: a procedure

Nnf for putting formulae into negation normal form, a procedure Dnf for rewriting

formulae as equivalent disjunctions of conjunctive formulae, and a procedure Cnf

which transforms formulae into equivalent conjunctions of disjunctive formulae.

The Nnf transformation

We present here the standard transformation Nnf for putting formulae into

negation normal form (cf. [DLN+92]).

Algorithm 2.1 Nnf

Input: a formula ϕ

Output: a formula in NNF equivalent to ϕ

Case 1: ϕ = a or ϕ = ¬a. Return ϕ.

Case 2: ϕ = ϕ_1 ⋆ ϕ_2, where ⋆ is ∨ or ∧. Return Nnf(ϕ_1) ⋆ Nnf(ϕ_2).
Case 3: ϕ = △ψ where △ is □_i or ◇_i. Return △Nnf(ψ).
Case 4a: ϕ = ¬¬ψ. Return Nnf(ψ).
Case 4b: ϕ = ¬(ϕ_1 ∨ ϕ_2). Return Nnf(¬ϕ_1) ∧ Nnf(¬ϕ_2).
Case 4c: ϕ = ¬(ϕ_1 ∧ ϕ_2). Return Nnf(¬ϕ_1) ∨ Nnf(¬ϕ_2).
Case 4d: ϕ = ¬□_i ψ. Return ◇_i Nnf(¬ψ).
Case 4e: ϕ = ¬◇_i ψ. Return □_i Nnf(¬ψ).

We illustrate the Nnf transformation on a simple example:

Example 2.4.1.

We apply the transformation Nnf to the formula ¬□(a ∧ ◇(¬b ∨ c)):

Nnf(¬□(a ∧ ◇(¬b ∨ c))) = ◇Nnf(¬(a ∧ ◇(¬b ∨ c)))
= ◇(Nnf(¬a) ∨ Nnf(¬(◇(¬b ∨ c))))
= ◇(¬a ∨ □Nnf(¬(¬b ∨ c)))
= ◇(¬a ∨ □(Nnf(¬¬b) ∧ Nnf(¬c)))
= ◇(¬a ∨ □(b ∧ ¬c))

We recall some basic properties of Nnf:

Theorem 2.4.2.
The output of Nnf(ϕ) is a formula in negation normal form which is equivalent to ϕ. If ϕ is already in NNF, then Nnf(ϕ) = ϕ. The formula Nnf(ϕ) has depth δ(ϕ), has signature contained in sig(ϕ), and has length no greater than 2|ϕ|.

Proof. The first four properties can all be shown by very simple inductive proofs. For the fifth property, we note that the number of propositional variables remains unchanged during the execution of Nnf, as does the total number of binary connectives (∧, ∨) and modal operators. The number of negation symbols may increase, but there can be at most one negation symbol for each occurrence of a propositional variable. This means the total number of symbols in Nnf(ϕ) cannot exceed 2|ϕ|.

The Dnf transformation

We now consider the task of rewriting a formula as an equivalent disjunction of

conjunctive formulae. We know from propositional logic that this transformation

can require exponential time and space in the worst-case. However, for later results,

it will prove important to have an algorithm which runs using only polynomial

space (although its output may be exponential). For this reason, we choose to

implement our transformation Dnf so that it returns the conjunctive formulae in

the disjunction one-by-one.

Algorithm 2.2 Dnf

Input: a formula ϕ

Output: a set of conjunctive formulae, output one-by-one, whose disjunction is

equivalent to ϕ

Do Iter-Dnf({Nnf(ϕ)}).

Algorithm 2.3 Iter-Dnf

Input: a set S of formulae in NNF

Output: a set of conjunctive formulae, output one-by-one, whose disjunction is

equivalent to S

If S = {ψ ∧ ζ} ∪ S′
    do Iter-Dnf(S′ ∪ {ψ} ∪ {ζ})
Else if S = {ψ ∨ ζ} ∪ S′
    do Iter-Dnf(S′ ∪ {ψ}), then do Iter-Dnf(S′ ∪ {ζ})
Else
    output ⋀_{σ∈S} σ

We demonstrate the transformation Dnf on an example:

Example 2.4.3.

We run Dnf on the formula ϕ = a ∧ ¬(◇_1 ¬b ∧ □_1 c) ∧ (◇_1 ¬b ∨ ¬◇_2 ◇_1 ⊤). Here are the main steps in the execution of Dnf:

• First the function Nnf is called on ϕ, yielding the equivalent formula a ∧ (□_1 b ∨ ◇_1 ¬c) ∧ (◇_1 ¬b ∨ □_2 □_1 ⊥)
• Next we call Iter-Dnf on the singleton set S_1 = {a ∧ (□_1 b ∨ ◇_1 ¬c) ∧ (◇_1 ¬b ∨ □_2 □_1 ⊥)}
• As S_1 = {a ∧ ((□_1 b ∨ ◇_1 ¬c) ∧ (◇_1 ¬b ∨ □_2 □_1 ⊥))}, we run Iter-Dnf on the set S_2 = {a, (□_1 b ∨ ◇_1 ¬c) ∧ (◇_1 ¬b ∨ □_2 □_1 ⊥)}.
• As S_2 = {(□_1 b ∨ ◇_1 ¬c) ∧ (◇_1 ¬b ∨ □_2 □_1 ⊥)} ∪ {a}, we call Iter-Dnf on the set S_3 = {a, □_1 b ∨ ◇_1 ¬c, ◇_1 ¬b ∨ □_2 □_1 ⊥}.
• There are no ∧-symbols in S_3 outside the scope of the modal operators, but there are some disjunctions remaining, so the else-if case is applicable. As S_3 = {□_1 b ∨ ◇_1 ¬c} ∪ {a, ◇_1 ¬b ∨ □_2 □_1 ⊥}, we will make two recursive subcalls. The first subcall will be on the set S_4 = {a, □_1 b, ◇_1 ¬b ∨ □_2 □_1 ⊥}:
  – The else-if case applies again, since S_4 = {◇_1 ¬b ∨ □_2 □_1 ⊥} ∪ {a, □_1 b}. We make two recursive subcalls to Iter-Dnf, the first of which is on input S_5 = {a, □_1 b, ◇_1 ¬b}:
    ∗ There are no ∧- or ∨-symbols outside the modal operators in S_5, so the else case applies, and we output the conjunction of elements in S_5, which is a ∧ □_1 b ∧ ◇_1 ¬b
    and the second of which is on input S_6 = {a, □_1 b, □_2 □_1 ⊥}:
    ∗ The else case applies, so we return the conjunction of elements in S_6, which is a ∧ □_1 b ∧ □_2 □_1 ⊥
  The second subcall during the examination of S_3 will be on the set S_7 = {a, ◇_1 ¬c, ◇_1 ¬b ∨ □_2 □_1 ⊥}:
  – As S_7 = {◇_1 ¬b ∨ □_2 □_1 ⊥} ∪ {a, ◇_1 ¬c}, we are in the else-if case, so we make two recursive calls to Iter-Dnf. The first call will have input S_8 = {a, ◇_1 ¬c, ◇_1 ¬b}:
    ∗ We are in the else case since S_8, so we return the conjunction a ∧ ◇_1 ¬c ∧ ◇_1 ¬b
    The second call to Iter-Dnf will be on input S_9 = {a, ◇_1 ¬c, □_2 □_1 ⊥}:
    ∗ We return the conjunction of elements in S_9, which is a ∧ ◇_1 ¬c ∧ □_2 □_1 ⊥
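Algorithms 2.1 to 2.3 translate almost line for line into code. The Python sketch below is an added illustration, not code from the thesis: formulae are nested tuples (an encoding chosen here), Iter-Dnf is written as a generator so that the conjunctive formulae are produced one by one as the text requires, and the run reproduces Examples 2.4.1 and 2.4.3. The rewriting of ¬⊤ to ⊥ and ¬⊥ to ⊤ is an assumption added here, since Algorithm 2.1 does not list those cases but Example 2.4.3 relies on them.

```python
# Formulae are nested tuples (a representation chosen for this example):
#   ("var", "a")  ("top",)  ("bot",)  ("not", f)
#   ("and", f, g)  ("or", f, g)  ("box", i, f)  ("dia", i, f)

def nnf(f):
    """Algorithm 2.1: push negations inward until they sit on variables."""
    op = f[0]
    if op in ("var", "top", "bot"):
        return f
    if op in ("and", "or"):                       # Case 2
        return (op, nnf(f[1]), nnf(f[2]))
    if op in ("box", "dia"):                      # Case 3
        return (op, f[1], nnf(f[2]))
    g = f[1]                                      # from here on f = ¬g
    if g[0] == "var":                             # Case 1: a literal
        return f
    if g[0] == "top":                             # assumption: ¬⊤ becomes ⊥
        return ("bot",)
    if g[0] == "bot":                             # assumption: ¬⊥ becomes ⊤
        return ("top",)
    if g[0] == "not":                             # Case 4a
        return nnf(g[1])
    if g[0] == "or":                              # Case 4b
        return ("and", nnf(("not", g[1])), nnf(("not", g[2])))
    if g[0] == "and":                             # Case 4c
        return ("or", nnf(("not", g[1])), nnf(("not", g[2])))
    dual = "dia" if g[0] == "box" else "box"      # Cases 4d and 4e
    return (dual, g[1], nnf(("not", g[2])))

def iter_dnf(S):
    """Algorithm 2.3: yield, one at a time, the sets of basic formulae whose
    conjunctions form a disjunction equivalent to the NNF set S."""
    S = list(S)
    for kind in ("and", "or"):          # split conjunctions before disjunctions
        for idx, f in enumerate(S):
            if f[0] != kind:
                continue
            rest = S[:idx] + S[idx + 1:]
            if kind == "and":
                yield from iter_dnf(rest + [f[1], f[2]])
            else:
                yield from iter_dnf(rest + [f[1]])
                yield from iter_dnf(rest + [f[2]])
            return
    yield frozenset(S)                  # only basic formulae are left

def dnf(f):
    """Algorithm 2.2: run Iter-Dnf on {Nnf(f)}."""
    return iter_dnf([nnf(f)])

def show(f):
    """Readable rendering of a formula, for printing only."""
    op = f[0]
    if op == "var":
        return f[1]
    if op in ("top", "bot"):
        return "⊤" if op == "top" else "⊥"
    if op == "not":
        return "¬" + show(f[1])
    if op in ("box", "dia"):
        return ("□" if op == "box" else "◇") + f"_{f[1]} " + show(f[2])
    return "(" + show(f[1]) + (" ∧ " if op == "and" else " ∨ ") + show(f[2]) + ")"

A, B, C = ("var", "a"), ("var", "b"), ("var", "c")
def neg(f): return ("not", f)
def box(i, f): return ("box", i, f)
def dia(i, f): return ("dia", i, f)

# Example 2.4.1 (in K, so every operator carries index 1).
PHI_2_4_1 = neg(box(1, ("and", A, dia(1, ("or", neg(B), C)))))

# Example 2.4.3: a ∧ ¬(◇_1 ¬b ∧ □_1 c) ∧ (◇_1 ¬b ∨ ¬◇_2 ◇_1 ⊤)
PHI_2_4_3 = ("and", A,
             ("and", neg(("and", dia(1, neg(B)), box(1, C))),
                     ("or", dia(1, neg(B)), neg(dia(2, dia(1, ("top",)))))))

if __name__ == "__main__":
    print(show(nnf(PHI_2_4_1)))
    for conjuncts in dnf(PHI_2_4_3):
        print(" ∧ ".join(sorted(show(c) for c in conjuncts)))
```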

We now highlight some properties of Dnf and Iter-Dnf. In the following proofs, we will use f_{∧,∨}(S) to denote the total number of occurrences of ∧ and ∨ which are outside the scope of the modal operators in the set of formulae S.

Theorem 2.4.4.

Iter-Dnf always terminates. If the input is a set S of formulae in NNF, then

(a) every formula returned by Iter-Dnf(S) is a conjunctive formula, and (b) the

disjunction of the formulae returned by Iter-Dnf(S) is equivalent to S.

Proof. Termination is straightforward. We simply remark that f_{∧,∨} strictly decreases with each level of recursion of Iter-Dnf, and that the recursive calls stop whenever we reach a set S with f_{∧,∨}(S) = 0.

The fact that the formulae output by Iter-Dnf are conjunctive formulae is immediate from the definition of Iter-Dnf. Indeed, only the final case in the if-statement can produce output, and this case is only applicable when the input set contains no ∧ and ∨ symbols outside the scope of the modal operators, i.e. when the input set consists only of propositional literals and □- and ◇-formulae.

We next show by induction on f_{∧,∨}(S) that the disjunction of the formulae output by Iter-Dnf on input S is equivalent to S. This is clearly the case when f_{∧,∨}(S) = 0, since then there is a single output formula which is just the conjunction of elements in S. Next suppose this holds true for sets with f_{∧,∨}-values of at most n, and let S be some set of formulae with f_{∧,∨}(S) = n + 1. If S contains an element of the form ψ ∧ ζ, then we call Iter-Dnf on S \ {ψ ∧ ζ} ∪ {ψ} ∪ {ζ}. As the latter set has an f_{∧,∨}-value of n, we know that the disjunction of the output formulae is equivalent to S \ {ψ ∧ ζ} ∪ {ψ} ∪ {ζ} and hence to S. The other case is when S possesses no conjunctions but does contain an element of the form ψ ∨ ζ. This means that we will call Iter-Dnf on inputs S_ψ = S \ {ψ ∨ ζ} ∪ {ψ} and S_ζ = S \ {ψ ∨ ζ} ∪ {ζ}, yielding respectively sets of output formulae Σ_ψ and Σ_ζ. We can apply the induction hypothesis (applicable since f_{∧,∨}(S_ψ) = f_{∧,∨}(S_ζ) = n) to find that the disjunction of elements in Σ_ψ (resp. Σ_ζ) is equivalent to S_ψ (resp. S_ζ). But that means that the disjunction of the output of Iter-Dnf on S will be the disjunction of the elements in Σ_ψ ∪ Σ_ζ, which we know to be equivalent to ⋀S_ψ ∨ ⋀S_ζ, and hence to S.

Corollary 2.4.5.

Dnf always terminates. On input ϕ, the procedure Dnf returns a set of conjunctive

formulae whose disjunction is equivalent to ϕ.

Theorem 2.4.6.

On input ϕ, the procedure Dnf outputs at most 2^{|ϕ|} formulae, each of which has at most |ϕ| conjuncts. If ϕ is in NNF and there are l mutually non-equivalent basic subformulae which appear outside the scope of ϕ’s modal operators, then there are at most 2^l non-equivalent formulae output by Dnf(ϕ), each of which has at most l non-equivalent conjuncts. Each of the formulae output by Dnf(ϕ) has length at most 2|ϕ| (or at most |ϕ| if ϕ is in NNF), has depth at most δ(ϕ), and has signature contained in sig(ϕ).

Proof. We remark that each call to Iter-Dnf can yield at most two recursive sub-calls. Moreover, the maximal recursion depth on input S is f_{∧,∨}(S), since we decrease the value of f_{∧,∨} by 1 with each call, and we stop the recursion when the value reaches 0. It follows that there can be no more than 2^{f_{∧,∨}(S)} terminating sub-calls during the execution of Iter-Dnf on S, each of which may produce at most one formula. As on input ϕ, Dnf simply runs Iter-Dnf on Nnf(ϕ), and Nnf(ϕ) has exactly the same f_{∧,∨}-value as ϕ (this is easily shown by induction), it follows that there are no more than 2^{f_{∧,∨}({ϕ})} formulae output by Dnf(ϕ). As f_{∧,∨}({ϕ}) is bounded above by |ϕ| by definition, we can have at most 2^{|ϕ|} formulae in the output of Dnf(ϕ).

We next remark that if during the execution of Iter-Dnf on a set S there is a sub-call made on a set S′, then the cardinality of S′ is at most one greater than the cardinality of S. As the maximal recursion depth of Iter-Dnf on input S is f_{∧,∨}(S), it follows that the formulae output by Iter-Dnf will have at most |S| + f_{∧,∨}(S) conjuncts. When we run Dnf(ϕ), we call Iter-Dnf on the set {Nnf(ϕ)}. As |{Nnf(ϕ)}| = 1 and f_{∧,∨}(Nnf(ϕ)) = f_{∧,∨}(ϕ), we find that there are at most f_{∧,∨}({ϕ}) + 1 conjuncts in each output formula. We now show that f_{∧,∨}({ϕ}) is strictly smaller than |ϕ|. This is clearly the case when f_{∧,∨}({ϕ}) = 0, since |ϕ| must be positive. If f_{∧,∨}({ϕ}) > 0, then ϕ contains either a symbol ∧ or ∨, in which case the conjuncts (resp. disjuncts) must contain some symbol other than ∧ or ∨. Thus, f_{∧,∨}({ϕ}) ≤ |ϕ| − 1, which gives us f_{∧,∨}({ϕ}) + 1 ≤ |ϕ|, completing the proof of this statement.

For the next properties, we begin by proving (by induction on the value of

f∧,∨(S)) that the conjuncts of the formulae output by Iter-Dnf(S) are all basic

subformulae of formulae in S which appear outside the scope of modal operators.

The base case is when f∧,∨(S) = 0, in which case we output just the conjunction of

elements in S, each of which is a basic subformula of itself. Next suppose the result

holds for f∧,∨-values of k or less, and let S be a set of formulae in NNF such that

f∧,∨(S) = k+1. If S = {ψ∧ζ}∪S′, then we call Iter-Dnf on S\{ψ∧ζ}∪{ψ}∪{ζ}.

The latter set has an f∧,∨-value of k, so the induction hypothesis applies, allowing

us to conclude that all of the conjuncts of the formulae output are basic subformulae

of elements in S \ {ψ ∧ ζ} ∪ {ψ} ∪ {ζ} which appear outside the scope of modal

operators. This is enough since S and S \ {ψ ∧ ζ} ∪ {ψ} ∪ {ζ} have the same set of

basic subformulae appearing outside the scope of modal operators. If instead, we

have S = {ψ∨ζ}∪S′, we will call Iter-Dnf on S′∪{ψ} and then on S′∪{ζ}. Both

S′ ∪ {ψ} and S′ ∪ {ζ} have f∧,∨-values of at most k, and their basic subformulae

are all basic subformulae of S, so we conclude that the conjuncts of the formulae in

the output of Iter-Dnf on S are all basic subformulae of S which appear outside

the modal operators in S.

Since Dnf(ϕ) is just Iter-Dnf({Nnf(ϕ)}), it follows that the conjuncts of the

formulae output by Dnf(ϕ) are all basic subformulae of Nnf(ϕ). As Nnf(ϕ) = ϕ

whenever ϕ is in NNF (Theorem 2.4.2), we can conclude that if ϕ is a formula in

NNF with exactly l mutually non-equivalent basic subformulae, then there can be

at most 2^l mutually non-equivalent formulae output by Dnf(ϕ), each of which has

no more than l mutually non-equivalent conjuncts.


Let us define the length of a set of formulae to be the length of the conjunction

of its elements. We remark that if during the execution of Iter-Dnf on a set S

there is a sub-call made to Iter-Dnf on a set S′, then the length of S′ is never

greater than that of S. This means that any formula output during the execution

of Iter-Dnf on a set S can have length at most the length of S. As Dnf(ϕ) calls

Iter-Dnf on {Nnf(ϕ)}, which by Theorem 2.4.2 has length no greater than 2|ϕ|

(resp. |ϕ| if ϕ is in NNF), it follows that all of the formulae output by Dnf(ϕ)

have length at most 2|ϕ| (resp. |ϕ| if ϕ is in NNF).

It was shown above that the conjuncts of the formulae which are output by

Iter-Dnf(Nnf(ϕ)) (and hence by Dnf(ϕ)) are all subformulae of Nnf(ϕ). By

Theorem 2.4.2, Nnf(ϕ) has precisely the same depth and propositional letters as

ϕ. It follows then that the formulae in Dnf(ϕ) have depth at most δ(ϕ) and contain

only those propositional symbols appearing in ϕ.

Theorem 2.4.7.

Dnf runs in polynomial space in the size of its input.

Proof. Straightforward: on input S, Iter-Dnf either terminates directly (possibly

outputting a formula of the same length as S), or it makes recursive sub-calls on

sets whose lengths are no greater than that of S. This is sufficient to show the

result since Dnf calls Iter-Dnf on the set {Nnf(ϕ)} which has size at most 2|ϕ|

(by Theorem 2.4.2).

Theorem 2.4.8.

Dnf runs in single-exponential time in the size of its input.

Proof. We remark that on input S the procedure Iter-Dnf spends a linear amount

of time examining S (in order to determine which case applies), and then proceeds

either to make one or two recursive calls or output a formula. Thus, the total

running time of the algorithm is proportional to the number of recursive subcalls

to Iter-Dnf. We saw in the proof of Theorem 2.4.6 that there can be no more

than 2^|ϕ| recursive subcalls when Iter-Dnf is run on {Nnf(ϕ)}. It follows that the

total execution time for Dnf on input ϕ is single-exponential in the length of ϕ.

The Cnf transformation

By making minor modifications to the algorithm Dnf in the previous subsec-

tion, we obtain a procedure Cnf which transforms Kn formulae into equivalent

conjunctions of disjunctive formulae.


Algorithm 2.4 Cnf

Input: a formula ϕ

Output: a set of disjunctive formulae, output one-by-one, whose conjunction is

equivalent to ϕ

Do Iter-Cnf({Nnf(ϕ)}).

Algorithm 2.5 Iter-Cnf

Input: a set S of formulae in NNF

Output: a set of disjunctive formulae, output one-by-one, whose conjunction is

equivalent to S

If S = {ψ ∨ ζ} ∪ S′

do Iter-Cnf(S′ ∪ {ψ} ∪ {ζ})

Else if S = {ψ ∧ ζ} ∪ S′

do Iter-Cnf(S′ ∪ {ψ}), then do Iter-Cnf(S′ ∪ {ζ})

Else

output ⋁_{σ∈S} σ

The following results highlight some of the properties of the transformation Cnf.

The proofs of these results are omitted as they are very similar to the corresponding

proofs for Dnf.

Theorem 2.4.9.

Cnf always terminates. On input ϕ, the procedure Cnf returns a set of disjunctive

formulae whose conjunction is equivalent to ϕ.

Theorem 2.4.10.

Cnf runs in single-exponential time in the size of its input.

Theorem 2.4.11.

On input ϕ, the procedure Cnf outputs at most 2^|ϕ| formulae, each of which has at

most |ϕ| disjuncts. If ϕ is in NNF and there are l mutually non-equivalent basic

subformulae which appear outside the scope of ϕ’s modal operators, then there are

at most 2^l non-equivalent formulae output by Cnf(ϕ), each of which has at most

l non-equivalent disjuncts. Each of the formulae output by Cnf(ϕ) has length at

most 2|ϕ| (or at most |ϕ| if ϕ is in NNF), has depth at most δ(ϕ), and has signature

contained in sig(ϕ).


2.5 Basic Reasoning Tasks

In this section, we study the standard reasoning problems for Kn, which are:

Satisfiability: Is ϕ satisfiable?

Unsatisfiability: Is ϕ unsatisfiable?

Entailment: Does ϕ entail ψ?

The complexity of these tasks was investigated in [Lad77], where it was shown

that all three tasks were Pspace-complete. Ladner’s Pspace-hardness result was

proven by means of a reduction from the validity problem for quantified boolean

formulae, which is the canonical Pspace-complete problem.

Theorem 2.5.1 ([Lad77]).

Satisfiability in K is Pspace-hard.

Proof Sketch. We recall that a quantified boolean formula (QBF) is an expres-

sion of the form Q1p1...Qmpmθ where each Qi is either ∃ or ∀, the pi are distinct

propositional variables, and θ is a propositional formula over variables {p1, ..., pm}.

Validity of a QBF β = Q1p1...Qmpmθ is defined recursively as follows: if Q1 = ∀

(resp. Q1 = ∃), β is valid if and only if both (resp. either) Q2p2...Qmpm(θp1←⊤)

and (resp. or) Q2p2...Qmpm(θp1←⊥) are valid (the base case, when β is proposi-

tional, is treated as in propositional logic).² The problem of deciding whether a

QBF is valid was shown Pspace-complete in [SM73].

Figure 2.2 presents an encoding of a QBF β = Q1p1...Qmpmθ in a Kn-formula

f(β) that is used in [BdV01] to demonstrate the Pspace-hardness of satisfiability in

Kn. In addition to the propositional variables p1, ..., pm, the formula f(β) contains

variables q0, ..., qm. Informally speaking, these variables are used to keep track of

the number of quantifiers treated so far. We begin in q0 (part (i) of f(β)), and

we pass from qi to qi+1 with each modal operator (parts (ii) and (iiia)). When the

quantifier associated with the current state is universal, there must be two successor

states, corresponding to the two ways of instantiating the variable pi (part (iiib));

the choices of variable values are preserved as we pass through the different levels

of quantification (part (iv)). Finally, for f(β) to hold, the propositional formula

θ must be satisfied in all terminal states (part (v)). Thus, we find that the formula

f(β) is satisfiable just in the case that β is a QBF-validity (refer to [BdV01] for the

full proof). As the formula f(β) can be generated in polynomial time from β, and

the QBF-validity problem is known to be Pspace-hard, it follows that satisfiability

of formulae in Kn is Pspace-hard as well.

2. Here θp←⊤ (resp. θp←⊥) denotes the formula obtained from θ by replacing all occurrences

of the propositional variable p by ⊤ (resp. ⊥).


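(i) $q_0$

(ii) $\bigwedge_{i=0}^{m} \big( (q_i \to \bigwedge_{j \neq i} \neg q_j) \wedge \Box (q_i \to \bigwedge_{j \neq i} \neg q_j) \wedge \dots \wedge \Box^{m} (q_i \to \bigwedge_{j \neq i} \neg q_j) \big)$

(iiia) $\bigwedge_{i=0}^{m} \big( (q_i \to \Diamond q_{i+1}) \wedge \Box (q_i \to \Diamond q_{i+1}) \wedge \dots \wedge \Box^{m} (q_i \to \Diamond q_{i+1}) \big)$

(iiib) $\bigwedge_{\{i \mid Q_i = \forall\}} \Box^{i} \big( q_i \to (\Diamond (q_{i+1} \wedge p_{i+1}) \wedge \Diamond (q_{i+1} \wedge \neg p_{i+1})) \big)$

(iv) $\bigwedge_{i=1}^{m-1} \big( \bigwedge_{j=i}^{m-1} \Box^{j} ((p_i \to \Box p_i) \wedge (\neg p_i \to \Box \neg p_i)) \big)$

(v) $\Box^{m} (q_m \to \theta)$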

Figure 2.2: The formula f(β) is the conjunction of the above formulae.

It follows from Theorem 2.5.1 that the dual problem of unsatisfiability is Pspace-

hard as well. Moreover, as satisfiability tests correspond to a special type of entail-

ment query, the Pspace-hardness result can also be transferred to the entailment

task.

Corollary 2.5.2.

Entailment in K is Pspace-hard.

Ladner’s proof of membership of satisfiability in Pspace was constructive: he

exhibited a tableaux-style polynomial-space algorithm for deciding satisfiability of

Kn-formulae (cf. [HHSS06] for more discussion of different types of satisfiability

algorithms for Kn). The basic idea behind Ladner’s algorithm (and tableaux-style

algorithms in general) is to try to construct a model of the formula; if we succeed in

constructing a model, we have proven the formula satisfiable, and if we fail to find

a model (and can show that we tried all possibilities), the formula is unsatisfiable.

As satisfiability-testing appears as a component in practically all of the algo-

rithms in this thesis, we present in some detail an algorithm for deciding satisfi-

ability of Kn formulae. The algorithm, which we call Sat, examines each of the

formulae in Dnf(ϕ) one-by-one. As the disjunction of the formulae in Dnf(ϕ) is

equivalent to ϕ, we know that ϕ has a model just in the case that at least one

of the formulae in Dnf(ϕ) has a model. Thus, we have reduced the problem of

deciding satisfiability for arbitrary formulae in Kn to the more restricted problem

of deciding satisfiability for conjunctive formulae. We then exploit statement 5 of

Theorem 2.3.1 which tells us that a conjunctive formula T has a model just in the

case that its propositional part has a model (i.e. no complementary propositional

literals) and for each conjunct ◇ᵢψ of T, the formula ψ ∧ ⋀_{χ∈Boxᵢ(T)} χ possesses a

model. To check whether the latter holds, we make a recursive call to Sat. Ter-

mination of Sat follows from the fact that at each level of recursion the depth of

the input formula decreases, and the recursion stops when the input formula is a


propositional formula.

Algorithm 2.6 Sat

Input: a formula ϕ in Kn

Output: yes if ϕ is satisfiable, and no otherwise

(1) Run Dnf(ϕ), and for each output formula T, do the following:

Check whether the following conditions are verified by T:

(a) T has no conjunct ⊥

(b) Prop(T) contains no complementary literals

(c) For each conjunct ◇ᵢψ of T, Sat(ψ ∧ ⋀_{ζ∈Boxᵢ(T)} ζ)=yes

Return yes if all three conditions hold.

(2) Return no.

We illustrate the functioning of the algorithm Sat on two small examples:

Example 2.5.3.

We use Sat to determine whether the formula ϕ = a ∧ ¬(◇₁¬b ∧ □₁c) ∧ (◇₁¬b ∨ ¬◇₂◇₁⊤)
is satisfiable. In Step 1, Sat calls Dnf on input ϕ. We know from
Example 2.4.3 that the first formula returned by Dnf will be T₁ = a ∧ □₁b ∧ ◇₁¬b.
We examine T₁ in order to determine whether it satisfies the three conditions of
Step 1. The first two conditions are verified since T₁ has no conjunct ⊥ and no
complementary propositional literal conjuncts. To check condition (c), we must
call Sat on input b ∧ ¬b because of the conjunct ◇₁¬b. Sat will return no on this
input, as there is a single formula b ∧ ¬b returned by Dnf on input b ∧ ¬b, and
it falsifies condition (b). This means that we will not return yes when examining
T₁. The next formula output by Dnf will be T₂ = a ∧ □₁b ∧ □₂□₁⊥. This formula
satisfies all three conditions since it contains no conjunct ⊥, no complementary
literal conjuncts, and no ◇-formulae as conjuncts. This means that Sat will return
yes in Step 1.

Example 2.5.4.

We use the algorithm Sat to test whether ϕ = □₁(a ∧ b ∧ ◇₁⊤) ∧ ◇₁(¬a ∨ ¬b ∨ □₁◇₂(b ∧ ⊥))
is satisfiable. In Step 1, the transformation Dnf is called on ϕ. There
is a single formula in the output of Dnf, which is ϕ itself. The first two conditions
are satisfied by ϕ since it does not contain any conjunct of the form ⊥ nor any
propositional conjuncts. In order to determine whether ϕ satisfies condition (c),
we call Sat on the formula ψ = (a ∧ b ∧ ◇₁⊤) ∧ (¬a ∨ ¬b ∨ □₁◇₂(b ∧ ⊥)). It can
be verified that the first formula in Dnf(ψ) is a ∧ b ∧ ◇₁⊤ ∧ ¬a, which falsifies
condition (b). The next formula returned by Dnf is a ∧ b ∧ ◇₁⊤ ∧ ¬b, which
also violates condition (b). The next and final formula in the output of Dnf is
a ∧ b ∧ ◇₁⊤ ∧ □₁◇₂(b ∧ ⊥). This formula satisfies (a) and (b) but not (c) since
Sat(b ∧ ⊥)=no and hence Sat(⊤ ∧ ◇₂(b ∧ ⊥))=no. It follows that Sat(ψ)=no,
which means Sat(ϕ)=no as well.

Theorem 2.5.5.

The algorithm Sat terminates and outputs yes if and only if the input formula is

satisfiable.

Proof. The proof is by induction on the depth of the input formula. We begin with

the case where the input formula has depth 0. In this case, we know by Theorems

2.4.4 and 2.4.6 that the set of formulae output by Dnf(ϕ) is a set of propositional

terms whose disjunction is equivalent to ϕ. If ϕ is satisfiable, then there must be

some element T in the output of Dnf(ϕ) which is satisfiable. This means that

when we examine T , we will find no conjunct ⊥ nor any pair of complementary

literals in Prop(T ), and so will return yes. If instead ϕ is unsatisfiable, then every

formula in the output of Dnf(ϕ) must be unsatisfiable. This means that every such

formula must either have a conjunct ⊥ or contain a pair of complementary literals,

so we will not return yes during Step 1, which means we will continue on to Step

2, where we return no.

Next suppose that Sat gives the desired result whenever the input formula has
depth at most k, and consider some formula ϕ having depth k + 1. In Step 1 of
Sat, we run Dnf on input ϕ. By Theorem 2.4.4, the set of formulae output by Dnf
consists of a set of conjunctive formulae whose disjunction is equivalent to ϕ. If ϕ is
satisfiable, then there must be some satisfiable T which is output at some stage by
Dnf. Since T is a satisfiable conjunctive formula, we know that it cannot contain
a conjunct ⊥, nor a pair of complementary propositional literal conjuncts, nor a
conjunct ◇ᵢψ such that ψ ∧ ⋀_{ζ∈Boxᵢ(T)} ζ is unsatisfiable (by Theorem 2.3.1). But
we know from Theorem 2.4.6 that T is of depth at most k + 1, which means that
if ◇ᵢψ is a conjunct of T, then ψ ∧ ⋀_{ζ∈Boxᵢ(T)} ζ must be of depth at most k. It
follows that we can apply the induction hypothesis to ψ ∧ ⋀_{ζ∈Boxᵢ(T)} ζ to find that
Sat(ψ ∧ ⋀_{ζ∈Boxᵢ(T)} ζ)=yes. This means that T satisfies all three conditions, and
so Sat will return yes in Step 1. If instead ϕ is an unsatisfiable formula, then all
of the formulae output by Dnf on input ϕ must themselves be unsatisfiable. There
are three possibilities for every such formula T: either T has a conjunct ⊥, or it
has complementary propositional literal conjuncts, or there is some conjunct ◇ᵢψ
of T such that ψ ∧ ⋀_{ζ∈Boxᵢ(T)} ζ is unsatisfiable (Theorem 2.3.1). In the first two
cases, either condition (a) or (b) is falsified. In the third case, we can apply the
induction hypothesis to ψ ∧ ⋀_{ζ∈Boxᵢ(T)} ζ to find that Sat(ψ ∧ ⋀_{ζ∈Boxᵢ(T)} ζ)=no, and
so condition (c) is falsified. It follows that there is no output formula T satisfying
all three conditions, so yes will not be output in Step 1 of Sat, which means no
will be returned in Step 2.

Theorem 2.5.6.

The algorithm Sat runs in polynomial space in the size of the input formula.

Proof. We will show the result in the case that ϕ is in NNF. This is without loss

of generality since the transformation to NNF is polynomial (see Theorem 2.4.2).

The proof is by induction on the depth of the input formula ϕ. The base case

is when δ(ϕ) = 0. In Step 1, Sat runs Dnf on ϕ. We know from Theorem 2.4.7

that Dnf requires only polynomial space in |ϕ|. Moreover, by Theorem 2.4.6, we

know that every formula T output by Dnf has depth 0 and has length at most |ϕ|

(since ϕ is assumed to be in NNF). This means that testing conditions (a), (b), and

(c) for some formula T in the output of Dnf takes linear space in |ϕ|. As only one

formula is tested at any given time, it follows that Sat runs in polynomial space in

|ϕ|.

Now suppose the result holds for formulae with depth at most k, and let ϕ
be a formula with depth k + 1. Now, in Step 1, Sat runs Dnf on ϕ. We know
from Theorem 2.4.7 that running Dnf on ϕ requires only polynomial space in |ϕ|.
Moreover, because ϕ is assumed to be in NNF, we know that every formula T output
by Dnf has depth k+1 and has length at most |ϕ| (Theorem 2.4.6). It follows that
testing conditions (a) and (b) for a given T can be accomplished in linear space
in |ϕ|. As for condition (c), we remark that if ◇ᵢψ is a conjunct of T, then the
formula ψ ∧ ⋀_{ζ∈Boxᵢ(T)} ζ is a formula in NNF with depth at most k, so according to
the induction hypothesis, Sat runs in polynomial space in |ψ ∧ ⋀_{ζ∈Boxᵢ(T)} ζ|. But
the length of ψ ∧ ⋀_{ζ∈Boxᵢ(T)} ζ is bounded above by the length of T, which we know
to be bounded above by |ϕ|. It follows that condition (c) can also be checked in
polynomial space in |ϕ|, which means that Sat runs in polynomial space in |ϕ|.

Theorem 2.5.7 ([Lad77]).

Satisfiability and unsatisfiability of Kn formulae are both in Pspace.

Proof. Follows directly from Theorems 2.5.5 and 2.5.6.

We now introduce an algorithm Entails for testing entailment between Kn

formulae. Our algorithm leverages statement 1 of Theorem 2.3.1, which tells us

how entailment queries can be reformulated as unsatisfiability checks.

Theorem 2.5.8.

The algorithm Entails is a sound and complete decision procedure for entailment

and runs in polynomial space.


Algorithm 2.7 Entails

Input: Kn-formulae ϕ and ψ

Output: yes if ϕ |= ψ, and no otherwise

If Sat(ϕ ∧ ¬ψ)=no, then return yes. Otherwise, return no.

Proof. Direct consequence of Theorems 2.3.1, 2.5.5, and 2.5.6.

Corollary 2.5.9.

Entailment in Kn is in Pspace.

Remark 2.5.10.

For the global consequence relation, entailment in Kn is Exptime-complete (cf.

[Don03]), and is therefore likely to be more difficult than entailment with respect

to the local consequence relation.

2.6 Uniform Interpolation

In this section, we consider the problem of computing the finest approximation

of a formula over a given signature. This task has been studied extensively in

mathematical logic, where it is known as uniform interpolation, and in artificial

intelligence, where it is commonly referred to as (variable) forgetting (cf. [LR94],

[LLM03]).

Definition 2.6.1.

Let L be a signature. A formula ψ is said to be a uniform interpolant of ϕ over L,

or simply an L-interpolant of ϕ, just in the case that ϕ |= ψ, sig(ψ) ⊆ L, and for

every ψ′ such that ϕ |= ψ′ and sig(ψ′) ⊆ L we have ψ |= ψ′.

Interestingly enough, the existence of a uniform interpolant of a formula is not

guaranteed. Logics for which uniform interpolants always exist are said to have the

uniform interpolation property.³ Many logics do not enjoy this property, among

them, classical first-order logic (cf. [Hen63]), the modal logic S4 [GZ95], and the

logic Kn if we use the global consequence relation (cf. [GLW06], [KWW08]).

Fortunately, the logic that we are interested in here, Kn with the local con-

sequence relation, does have the uniform interpolation property. This was orig-

inally shown in [Ghi95] (see also [Vis96]). More recently, a variety of different

3. This is a stronger version of the well-known Craig interpolation property (cf. [Cra57]), which

states that for every pair of formulae ϕ and ψ such that ϕ |= ψ, there exists a third formula χ

such that ϕ |= χ |= ψ and sig(χ) ⊆ sig(ϕ) ∩ sig(ψ).


procedures for constructing uniform interpolants of Kn formulae have been pro-

posed (cf. [tCCMV06], [Bíl07], and [HM08]). The approach in [tCCMV06] runs

in single-exponential space and produces uniform interpolants which are at most

single-exponentially larger than the input formula. These complexity upper bounds

are optimal, given that uniform interpolation may involve an exponential blowup

in formula size in the worst-case:

Theorem 2.6.2.

The shortest L-interpolant of a formula may be single-exponentially larger than the

formula.

Proof. Direct corollary of the corresponding result for propositional formulae (cf.

e.g. [LLM03]).

We present here an alternative procedure (which is broadly similar to the one

outlined in [tCCMV06]) for producing single-exponential-sized interpolants. Our

algorithm LangInt exploits the distributivity of uniform interpolation over dis-

junction, shown in the following lemma:

Lemma 2.6.3.

Let L be a signature, and let the formulae ψ′1, ..., ψ′m be L-interpolants respectively

of the formulae ψ1, ..., ψm. Then ψ′1 ∨ ...∨ψ′m is an L-interpolant of ψ1 ∨ ...∨ψm.

Proof. Let L, ψ1, ..., ψm, ψ′1, ..., ψ′m be as in the statement of the lemma, and let ϕ

be such that ψ1 ∨ ... ∨ ψm |= ϕ and sig(ϕ) ⊆ L. Then for each 1 ≤ j ≤ m, we must

have ψj |= ϕ, and hence ψ′j |= ϕ since we have assumed that ψ′j is an L-interpolant

of ψj. But then we must also have ψ′1 ∨ ... ∨ ψ′m |= ϕ, completing the proof.

Our algorithm also leverages the following lemma, which characterizes the uni-

form interpolants of conjunctive formulae:

Lemma 2.6.4.

Let T be a conjunctive formula, and L a signature. Let the formula T ′ be defined

as follows:

• If T is unsatisfiable, then

T ′ = ⊥

• Else, if {(¬)v ∈ Prop(T ) | v ∈ L} = ∅ and for all i ∈ L, both Boxi(T ) = ∅

and Diami(T ) = ∅, then

T ′ = ⊤


• Otherwise:

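$$
\begin{aligned}
T' = {} & \Big(\bigwedge_{v \in \mathit{Prop}(T):\, v \in L} v\Big) \wedge \Big(\bigwedge_{\neg v \in \mathit{Prop}(T):\, v \in L} \neg v\Big) \\
& \wedge \Big(\bigwedge_{i \in L:\, \mathit{Box}_i(T) \neq \emptyset} \Box_i\, UI_L\big(\bigwedge_{\chi \in \mathit{Box}_i(T)} \chi\big)\Big) \\
& \wedge \Big(\bigwedge_{i \in L:\, \mathit{Diam}_i(T) \neq \emptyset,\, \mathit{Box}_i(T) \neq \emptyset} \Big(\bigwedge_{\psi \in \mathit{Diam}_i(T)} \Diamond_i\, UI_L\big(\psi \wedge \bigwedge_{\chi \in \mathit{Box}_i(T)} \chi\big)\Big)\Big) \\
& \wedge \Big(\bigwedge_{i \in L:\, \mathit{Diam}_i(T) \neq \emptyset,\, \mathit{Box}_i(T) = \emptyset} \Big(\bigwedge_{\psi \in \mathit{Diam}_i(T)} \Diamond_i\, UI_L(\psi)\Big)\Big)
\end{aligned}
$$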

where UIL(ϕ) is any L-interpolant of ϕ.

Then T ′ is an L-interpolant of T .

Proof. Let

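$$T = \gamma_1 \wedge \dots \wedge \gamma_k \wedge \bigwedge_{i=1}^{n} (\Diamond_i \psi_{i,1} \wedge \dots \wedge \Diamond_i \psi_{i,l_i} \wedge \Box_i \chi_{i,1} \wedge \dots \wedge \Box_i \chi_{i,m_i})$$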

be a conjunctive formula, and let T ′ be as defined in the statement of the lemma.

Consider some formula α with signature in L such that T |= α. Because of Theorems

2.4.9 and 2.4.11, we can assume without loss of generality that α is a conjunction

of disjunctive formulae with signatures in L. Let

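$$\lambda = \rho_1 \vee \dots \vee \rho_p \vee \bigvee_{i \in L} (\Diamond_i \epsilon_{i,1} \vee \dots \vee \Diamond_i \epsilon_{i,q_i} \vee \Box_i \zeta_{i,1} \vee \dots \vee \Box_i \zeta_{i,r_i})$$

be one of α’s conjuncts. We need to show that T′ |= λ, and therefore T′ |= α. If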

λ is tautologous, then T ′ |= λ trivially holds. Likewise, if T is unsatisfiable, then

we have T ′ = ⊥, and hence T ′ |= λ. So let us now consider the case where T is

satisfiable and λ non-tautologous. Since T |= λ, we know that

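$$
\begin{aligned}
& \gamma_1 \wedge \dots \wedge \gamma_k \wedge \bigwedge_{i=1}^{n} (\Diamond_i \psi_{i,1} \wedge \dots \wedge \Diamond_i \psi_{i,l_i} \wedge \Box_i \chi_{i,1} \wedge \dots \wedge \Box_i \chi_{i,m_i}) \; \wedge \\
& \neg\rho_1 \wedge \dots \wedge \neg\rho_p \wedge \bigwedge_{i \in L} (\Box_i \neg\epsilon_{i,1} \wedge \dots \wedge \Box_i \neg\epsilon_{i,q_i} \wedge \Diamond_i \neg\zeta_{i,1} \wedge \dots \wedge \Diamond_i \neg\zeta_{i,r_i})
\end{aligned}
$$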

is unsatisfiable. It follows then by Theorem 2.3.1 that one of the following holds:

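(a) $\gamma_1 \wedge \dots \wedge \gamma_k \wedge \neg\rho_1 \wedge \dots \wedge \neg\rho_p \models \bot$

(b) there exists some $i \in L$ and some $1 \leq u \leq l_i$ such that
$\psi_{i,u} \wedge \chi_{i,1} \wedge \dots \wedge \chi_{i,m_i} \wedge \neg\epsilon_{i,1} \wedge \dots \wedge \neg\epsilon_{i,q_i} \models \bot$

(c) there exists some $i \in L$ and some $1 \leq u \leq r_i$ such that
$\neg\zeta_{i,u} \wedge \chi_{i,1} \wedge \dots \wedge \chi_{i,m_i} \wedge \neg\epsilon_{i,1} \wedge \dots \wedge \neg\epsilon_{i,q_i} \models \bot$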


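If (a) holds, then because we have assumed T satisfiable and λ non-tautologous, we
know that there must be some u and v such that $\gamma_u = \rho_v$. As $\gamma_u$ is a conjunct of
T′, we have T′ |= λ.

If (b) holds, then we have $\psi_{i,u} \wedge \chi_{i,1} \wedge \dots \wedge \chi_{i,m_i} \models \epsilon_{i,1} \vee \dots \vee \epsilon_{i,q_i}$.
As $sig(\epsilon_{i,1} \vee \dots \vee \epsilon_{i,q_i}) \subseteq sig(\lambda) \subseteq L$, we know that every L-interpolant of
$\psi_{i,u} \wedge \chi_{i,1} \wedge \dots \wedge \chi_{i,m_i}$ must entail $\epsilon_{i,1} \vee \dots \vee \epsilon_{i,q_i}$. Thus,
$UI_L(\psi_{i,u} \wedge \chi_{i,1} \wedge \dots \wedge \chi_{i,m_i}) \models \epsilon_{i,1} \vee \dots \vee \epsilon_{i,q_i}$, and hence
$\Diamond_i UI_L(\psi_{i,u} \wedge \chi_{i,1} \wedge \dots \wedge \chi_{i,m_i}) \models \Diamond_i \epsilon_{i,1} \vee \dots \vee \Diamond_i \epsilon_{i,q_i}$. As i ∈ L, we know
that $\Diamond_i UI_L(\psi_{i,u} \wedge \chi_{i,1} \wedge \dots \wedge \chi_{i,m_i})$ (or $\Diamond_i UI_L(\psi_{i,u})$, if $\Box_i(T) = \emptyset$) is a conjunct of
T′. This means T′ |= λ.

Finally, consider the case where (c) holds. Then we have
$\chi_{i,1} \wedge \dots \wedge \chi_{i,m_i} \models \zeta_{i,u} \vee \epsilon_{i,1} \vee \dots \vee \epsilon_{i,q_i}$. As $UI_L(\chi_{i,1} \wedge \dots \wedge \chi_{i,m_i})$ is an
L-interpolant of $\chi_{i,1} \wedge \dots \wedge \chi_{i,m_i}$ and $sig(\zeta_{i,u} \vee \epsilon_{i,1} \vee \dots \vee \epsilon_{i,q_i}) \subseteq sig(\lambda) \subseteq L$,
we must have $UI_L(\chi_{i,1} \wedge \dots \wedge \chi_{i,m_i}) \models \zeta_{i,u} \vee \epsilon_{i,1} \vee \dots \vee \epsilon_{i,q_i}$, and thus
$\Box_i UI_L(\chi_{i,1} \wedge \dots \wedge \chi_{i,m_i}) \models \Box_i \zeta_{i,u} \vee \Diamond_i \epsilon_{i,1} \vee \dots \vee \Diamond_i \epsilon_{i,q_i}$.
As i ∈ L, we know that $\Box_i UI_L(\chi_{i,1} \wedge \dots \wedge \chi_{i,m_i})$ is a conjunct of T′, which means
T′ |= λ.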

We have thus shown that T ′ entails every formula which is implied by T and

has signature in L. As T ′ has signature in L by definition, it follows that T ′ is an

L-interpolant of T .

We now present our algorithm LangInt for generating L-interpolants. The

idea behind our algorithm is very simple: we first rewrite the input formula as a

disjunction of conjunctive formulae, then we compute the L-interpolants of each of

the conjunctive formulae (using Lemma 2.6.4), and finally we take the disjunction

of these L-interpolants.

Example 2.6.5.

We run LangInt on the formula ϕ = (a ∧ b ∧ □₂c ∧ □₂¬c ∧ ◇₁□₂a) ∨ (¬a ∧ c ∧ ◇₂(b ∧ ◇₂c) ∧ □₂a)
and signature {a, 2}:

• In Step 1, we set 𝒯 = Dnf(ϕ) = {a ∧ b ∧ □₂(c ∧ ¬c) ∧ ◇₁□₂a, ¬a ∧ c ∧ ◇₂(b ∧ ◇₂c) ∧ □₂a},
and we initialize S to ∅.

• We examine the first element of 𝒯, which is T₁ = a ∧ b ∧ □₂c ∧ □₂¬c ∧ ◇₁□₂a.
The condition of the if-statement does not apply since T₁ is satisfiable, so we
enter the else-statement, where we initialize NewConj to {a}. As Box₂(T₁) =
{c, ¬c} ≠ ∅, we make a recursive subcall on T₂ = c ∧ ¬c:

– In Step 1, we compute Dnf(T₂), which is {c ∧ ¬c}. In Step 2, the condition
of the if-statement is satisfied, so we set T′₂ = ⊥ and add it to S. In Step
3, we output ⊥.

We thus add □₂⊥ to NewConj. As Diam₂(T₁) = ∅, we set T′₁ = a ∧ □₂⊥
and add it to the set S.


Algorithm 2.8 LangInt

Input: a Kn-formula ϕ and a signature L

Output: an L-interpolant of ϕ

(1) Set 𝒯 = Dnf(ϕ), and initialize S to ∅.

(2) For each T ∈ 𝒯:
    If Sat(T)=no, then
        Set T′ = ⊥
    Else
        Initialize NewConj to {(¬)v ∈ Prop(T) | v ∈ L}
        For each 1 ≤ i ≤ n such that i ∈ L ∩ sig(ϕ):
            If Boxᵢ(T) ≠ ∅, then
                Add □ᵢ LangInt(⋀_{ψ∈Boxᵢ(T)} ψ) to NewConj
                For each γ ∈ Diamᵢ(T):
                    Add ◇ᵢ LangInt(γ ∧ ⋀_{ψ∈Boxᵢ(T)} ψ) to NewConj
            Else if Diamᵢ(T) ≠ ∅
                For each γ ∈ Diamᵢ(T):
                    Add ◇ᵢ LangInt(γ) to NewConj
        If NewConj ≠ ∅, set T′ = ⋀_{κ∈NewConj} κ, else set T′ = ⊤
    Add T′ to S

(3) Return ⋁_{σ∈S} σ

• We now examine the second and last element of 𝒯, which is T₃ = ¬a ∧ c ∧
◇₂(b ∧ ◇₂c) ∧ □₂a. The else-statement applies, so we initialize NewConj
to {¬a}. We have Box₂(T₃) = {a} ≠ ∅, so we call LangInt on input a.
It returns a, so □₂a is added to NewConj. Next we consider the conjunct
◇₂(b ∧ ◇₂c), and we make a recursive subcall on input T₄ = b ∧ ◇₂c ∧ a:

– The only term output by Dnf(T₄) is b ∧ ◇₂c ∧ a itself. In Step 2, the else
case applies, so we set NewConj = {a}. As there are no □₂-conjuncts but
there are some ◇₂-conjuncts, we are in the second else case, and we call
LangInt on the formula c:

∗ On input c and {a, 2}, the algorithm returns just ⊤, since no formulae
are added to NewConj during the examination of c.

We add ◇₂⊤ to NewConj, and output a ∧ ◇₂⊤.

We add ◇₂(a ∧ ◇₂⊤) to NewConj. We then set T′₃ = ¬a ∧ ◇₂(a ∧ ◇₂⊤).

• In Step 4, we return the disjunction of elements in S, which is (a ∧ □₂⊥) ∨
(¬a ∧ ◇₂(a ∧ ◇₂⊤)).
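The following added Python example (not code from the thesis) implements Iter-Dnf as described in the proof of Theorem 2.4.6 together with Algorithms 2.6 to 2.8 (Sat, Entails, LangInt), and encodes the formulae of Examples 2.5.3, 2.5.4 and 2.6.5. The tuple encoding of formulae, all function names, and the negation-pushing `nnf` that stands in for the thesis's Nnf are assumptions of this example.

```python
# Formulae are nested tuples (an encoding chosen for this example):
#   ("top",) ("bot",) ("var", "a") ("not", f) ("and", f, g) ("or", f, g)
#   ("box", i, f) ("dia", i, f), where the agent index i is an int.
TOP, BOT = ("top",), ("bot",)
DUAL = {"top": "bot", "bot": "top", "and": "or", "or": "and", "box": "dia", "dia": "box"}

def var(name): return ("var", name)
def neg(f): return ("not", f)
def box(i, f): return ("box", i, f)
def dia(i, f): return ("dia", i, f)
def conj(*fs): return _fold("and", TOP, fs)
def disj(*fs): return _fold("or", BOT, fs)

def _fold(op, unit, fs):
    """Right-nested op over fs; the empty case is the unit (TOP or BOT)."""
    out = fs[-1] if fs else unit
    for f in reversed(fs[:-1]):
        out = (op, f, out)
    return out

def nnf(f, pos=True):
    """Push negations inward (standard NNF, standing in for the thesis's Nnf)."""
    tag = f[0]
    if tag == "not":
        return nnf(f[1], not pos)
    if tag == "var":
        return f if pos else ("not", f)
    out = tag if pos else DUAL[tag]
    if tag in ("box", "dia"):
        return (out, f[1], nnf(f[2], pos))
    return (out,) + tuple(nnf(g, pos) for g in f[1:])

def iter_dnf(s):
    """Iter-Dnf on a tuple s of NNF formulae; yields tuples of conjuncts."""
    for k, f in enumerate(s):
        if f[0] == "and":          # S = {ψ∧ζ} ∪ S′: one sub-call
            yield from iter_dnf(s[:k] + s[k + 1:] + (f[1], f[2]))
            return
    for k, f in enumerate(s):
        if f[0] == "or":           # S = {ψ∨ζ} ∪ S′: two sub-calls
            rest = s[:k] + s[k + 1:]
            yield from iter_dnf(rest + (f[1],))
            yield from iter_dnf(rest + (f[2],))
            return
    yield tuple(dict.fromkeys(s))  # no top-level ∧/∨ left: output ⋀S

def dnf(f): return iter_dnf((nnf(f),))
def boxes(t, i): return [c[2] for c in t if c[0] == "box" and c[1] == i]
def dias(t, i): return [c[2] for c in t if c[0] == "dia" and c[1] == i]

def sat_term(t):
    """Conditions (a)-(c) of Algorithm 2.6 on one conjunctive formula t."""
    if BOT in t or any(("not", c) in t for c in t if c[0] == "var"):
        return False
    return all(sat(conj(c[2], *boxes(t, c[1]))) for c in t if c[0] == "dia")

def sat(f): return any(sat_term(t) for t in dnf(f))       # Algorithm 2.6
def entails(f, g): return not sat(conj(f, neg(g)))        # Algorithm 2.7

def sig(f):
    """Variables (str) and agent indices (int) occurring in f."""
    if f[0] == "var":
        return {f[1]}
    if f[0] in ("box", "dia"):
        return {f[1]} | sig(f[2])
    return set().union(*(sig(g) for g in f[1:]))

def lang_int(f, L):
    """Algorithm 2.8: an L-interpolant of f; L mixes variable names and agents."""
    agents = sorted(x for x in sig(f) & set(L) if isinstance(x, int))
    out = []
    for t in dnf(f):
        if not sat_term(t):        # Sat(T)=no (t is already conjunctive)
            out.append(BOT)
            continue
        new = [c for c in t if (c[0] == "var" and c[1] in L)
               or (c[0] == "not" and c[1][1] in L)]
        for i in agents:
            bs = boxes(t, i)
            if bs:
                new.append(box(i, lang_int(conj(*bs), L)))
            for g in dias(t, i):   # conj(g, *bs) is just g when Box_i(T) = ∅
                new.append(dia(i, lang_int(conj(g, *bs), L)))
        out.append(conj(*new))     # empty NewConj gives ⊤
    return disj(*out)

# Formulae of Examples 2.5.3, 2.5.4 and 2.6.5, transcribed into the encoding.
a, b, c = var("a"), var("b"), var("c")
EX_253 = conj(a, neg(conj(dia(1, neg(b)), box(1, c))),
              disj(dia(1, neg(b)), neg(dia(2, dia(1, TOP)))))
EX_254 = conj(box(1, conj(a, b, dia(1, TOP))),
              dia(1, disj(neg(a), neg(b), box(1, dia(2, conj(b, BOT))))))
EX_265 = disj(conj(a, b, box(2, c), box(2, neg(c)), dia(1, box(2, a))),
              conj(neg(a), c, dia(2, conj(b, dia(2, c))), box(2, a)))

if __name__ == "__main__":
    print(sat(EX_253), sat(EX_254))      # satisfiability of the two Sat examples
    print(lang_int(EX_265, {"a", 2}))    # {a, 2}-interpolant as a nested tuple
```

Following Algorithm 2.8 step by step, `lang_int(EX_265, {"a", 2})` returns the encoding of (a ∧ □₂⊥) ∨ (¬a ∧ □₂a ∧ ◇₂(a ∧ ◇₂⊤)); the conjunct □₂a is the one the walkthrough adds to NewConj after the sub-call on a.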

We now formally prove the correctness of LangInt:


Theorem 2.6.6.

On input ϕ and L, the algorithm LangInt returns an L-interpolant of ϕ.

Proof. The proof is by induction on the depth of the input formula ϕ. We begin with
the case where δ(ϕ) = 0. In Step 1, we set 𝒯 = Dnf(ϕ). We know from Corollary
2.4.5 that 𝒯 is a set of conjunctive formulae whose disjunction is equivalent to ϕ.
We also know from Theorem 2.4.6 that the elements in 𝒯 have depth 0, i.e. they are
all propositional terms. In Step 2, for each term T in 𝒯, we add to S the formula
T′. There are three possibilities: either T′ is ⊥ if T is unsatisfiable, or T′ is the
conjunction of the propositional literal conjuncts of T whose variables belong to L,
or if there are no such conjuncts, then T′ = ⊤. Because of Lemma 2.6.4, we know
that T′ is an L-interpolant of T. This means that the elements in S at the end
of Step 2 are precisely the L-interpolants of the elements in 𝒯. Because uniform
interpolation distributes over disjunction (Lemma 2.6.3), it follows that ⋁_{σ∈S} σ is
an L-interpolant of ⋁_{T∈𝒯} T and hence of the formula ϕ.

Next let us suppose that LangInt performs as desired when the input formula
has depth at most d, and let ϕ be a formula with depth d + 1. Again, in Step 1,
we will use Dnf to generate a set 𝒯 of conjunctive formulae whose disjunction is
equivalent to ϕ (Corollary 2.4.5). In Step 2, for each T ∈ 𝒯, we add the formula
T′ to S, which we know from the induction hypothesis and Lemma 2.6.4 to be an
L-interpolant of T. This means that at the end of Step 2 the set S contains for
each T ∈ 𝒯 an element T′ which is an L-interpolant of T. As uniform interpolation
distributes over disjunction (Lemma 2.6.3), the formula ⋁_{σ∈S} σ must be an
L-interpolant of ⋁_{T∈𝒯} T and hence of ϕ. It follows that LangInt(ϕ,L) is an
L-interpolant of ϕ.

The next theorem concerns the worst-case running time of LangInt.

Theorem 2.6.7.

The algorithm LangInt runs in single-exponential time.

Proof. In this proof, we let q and r be polynomial functions such that Dnf (resp. Sat) terminates in at most 2^{q(l)} (resp. 2^{r(l)}) time steps on input of length l. The existence of such functions is guaranteed for Dnf by Theorem 2.4.8 and for Sat by Theorem 2.5.6 together with the fact that Pspace ⊆ Exptime (cf. Appendix A).

Throughout the proof, we will use t_k(l) to denote the maximum execution time of LangInt when the input formula is in NNF and has depth k and length l. We first consider the case where the input formula is a propositional formula in NNF with length l. In this case, the algorithm spends worst-case single-exponential time in l in Step 1 to generate the formulae in 𝒯 (Theorem 2.4.8). We know from Theorem 2.4.6 that there can never be more than 2^l terms in 𝒯, each having length at most l. In Step 2, for each term T in 𝒯, we test the satisfiability of T using Sat. It can be easily verified that Sat will take only polynomial time in |T| and hence in l, because T is a propositional term. If T is unsatisfiable, then we set T′ = ⊥ (this obviously takes constant time). Otherwise, we enter the else-loop and set T′ equal to the conjunction of those conjuncts of T which concern variables in L. This clearly takes linear time in T. Thus, in Step 2, we spend a polynomial amount of time on each T, and hence a single-exponential time overall. In Step 3, we output the at most single-exponentially large formula ⋁_{σ∈S} σ. It follows that when the input formula has size l, the algorithm LangInt terminates in single-exponential time in l. We can thus find some polynomial function p such that t_0(l) ≤ 2^{p(l)}.

Now we will try to place an upper bound on t_{k+1}(l). Consider some formula ϕ in NNF with depth k + 1 and length l = |ϕ|. In Step 1, we call the procedure Dnf on input ϕ, which we know terminates in at most 2^{q(|ϕ|)} = 2^{q(l)} time steps. Now in Step 2, we examine each of the elements in 𝒯 in turn. Because ϕ is assumed to be in NNF, we know from Theorem 2.4.6 that there can be at most 2^l elements in 𝒯, each having length at most l. In Step 2, we examine each of the terms T in 𝒯 in turn. We start by calling Sat on T, which we know terminates in at most 2^{r(|T|)} ≤ 2^{r(l)} steps. If T is unsatisfiable, we simply set T′ = ⊥. If instead we are in the else-case, then we begin by initializing NewConj, which takes only linear time in |T| ≤ l. Determining the set of indices i such that i ∈ L ∩ sig(ϕ) also takes linear time in |T| ≤ l, as does determining for a given i, the sets Box_i(T) and Diam_i(T). For i such that Box_i(T) ≠ ∅, we add the formula □_i LangInt(⋀_{ψ∈Box_i(T)} ψ) to NewConj. Computing LangInt(⋀_{ψ∈Box_i(T)} ψ) takes time at most t_k(l), since ⋀_{ψ∈Box_i(T)} ψ is a formula in NNF with depth at most k and length at most |T| ≤ l. We must also add for each γ ∈ Diam_i(T) the formula ◇_i LangInt(γ ∧ ⋀_{ψ∈Box_i(T)} ψ) to NewConj. Since γ ∧ ⋀_{ψ∈Box_i(T)} ψ is a formula in NNF with depth at most k and length at most |T| ≤ l, we know that computing LangInt(γ ∧ ⋀_{ψ∈Box_i(T)} ψ) takes at most t_k(l) time steps. Similarly, if Box_i(T) = ∅, then the computation of LangInt(γ) takes at most t_k(l) time steps. We remark that the number of formulae added to NewConj is bounded by the number of conjuncts in T and hence by l. This means that we will never call LangInt more than l times, and each call requires at most t_k(l) time steps. Thus, the computation for a given T of T′ takes O(2^{r(l)} + l ∗ t_k(l)), which means that the total execution time of Step 2 is on the order of 2^l(2^{r(l)} + l ∗ t_k(l)). In the final step of LangInt, we simply return the conjunction of elements in S. Clearly this cannot require any more time than producing S in Step 2. Thus, we find that:

t_{k+1}(l) ∈ O(2^{q(l)} + 2(2^l(2^{r(l)} + l ∗ t_k(l))))


It follows that for k ≥ 1, we have

t_k(l) ∈ O((2^{l+1} ∗ l)^k 2^{p(l)} + Σ_{j=0}^{k−1} (2^{l+1} ∗ l)^j ∗ (2^{q(l)} + 2^{l+1} ∗ 2^{r(l)}))

As we always have k ≤ |ϕ| and l = |ϕ|, it follows that the running time of LangInt on a formula ϕ is in

O((2^{|ϕ|+1} ∗ |ϕ|)^{|ϕ|} 2^{p(|ϕ|)} + Σ_{j=0}^{|ϕ|−1} (2^{|ϕ|+1} ∗ |ϕ|)^j ∗ (2^{q(|ϕ|)} + 2^{|ϕ|+1} ∗ 2^{r(|ϕ|)}))

The latter expression is clearly single-exponential in |ϕ| since p, q, and r are all polynomial functions. We have thus shown that for formulae in NNF the algorithm LangInt runs in single-exponential time. This result can then be transferred to arbitrary formulae as the NNF transformation runs in polynomial (linear) time (Theorem 2.4.2).

Corollary 2.6.8.

The formula output by LangInt is at most single-exponentially larger than the

input formula.

Proof. Direct consequence of Theorem 2.6.7.

The following lemma shows that LangInt maps disjunctive formulae to disjunctive formulae. We will make use of this property in some of the proofs of results in Chapter 5.

Lemma 2.6.9.

If the formula which is input to LangInt is a disjunctive formula, then the formula

which is output by LangInt is also a disjunctive formula.

Proof. Consider some disjunctive formula λ = β_1 ∨ ... ∨ β_m. Since each β_j is a basic formula, the set 𝒯 computed in Step 1 of LangInt is equal to {β_1, ..., β_m}. Now we remark that in Step 2 of LangInt, the number of conjuncts in T′ is never greater than the number of conjuncts in T. As each formula β_j is its own unique conjunct, we know that all of the formulae added to S in Step 2 are basic formulae, which means that the formula ⋁_{σ∈S} σ output by LangInt is a disjunctive formula.

Finally, we close this subsection with the following lemma which shows uniform

interpolation distributes over the modal operators. This property will be needed in

Chapter 6.

Lemma 2.6.10.

If ψ′ is an L-interpolant of ψ, and i ∈ L, then the L-interpolant of □_iψ (resp. ◇_iψ) is □_iψ′ (resp. ◇_iψ′).


ST(⊤, x) = ⊤

ST(⊥, x) = ⊥

ST(v_j, x) = P_j(x)

ST(¬ϕ, x) = ¬ST(ϕ, x)

ST(ϕ ∧ ψ, x) = ST(ϕ, x) ∧ ST(ψ, x)

ST(ϕ ∨ ψ, x) = ST(ϕ, x) ∨ ST(ψ, x)

ST(□_iϕ, x) = ∀y (R_i(x, y) → ST(ϕ, y))

ST(◇_iϕ, x) = ∃y (R_i(x, y) ∧ ST(ϕ, y))

Figure 2.3: Embedding of the modal logic Kn in first-order logic. Note that the variable y used in the translation of □- and ◇-formulae must be new (i.e. not already used in the translation).

Proof. We only give the proof for □-formulae, as the proof for ◇-formulae is very similar. Consider some formula □_iψ and some signature L such that i ∈ L. Let ψ′ be an L-interpolant of ψ, and let ϕ be such that □_iψ |= ϕ and sig(ϕ) ⊆ L. Because of Theorems 2.4.9 and 2.4.11, we can assume without loss of generality that ϕ is of the form λ_1 ∧ ... ∧ λ_m for some disjunctive formulae λ_1, ..., λ_m. We now show that □_iψ′ |= λ_j for every conjunct λ_j of ϕ. Consider then some such λ_j. As □_iψ |= λ_j, it follows from Theorem 2.3.3 that λ_j is either tautologous or of the form □_iχ_1 ∨ ... ∨ □_iχ_k ∨ ◇_iζ_1 ∨ ... ∨ ◇_iζ_l. In the first case, we clearly have □_iψ′ |= λ_j. In the latter case, we know from Theorem 2.3.3 that ψ |= χ_s ∨ ζ_1 ∨ ... ∨ ζ_l for every 1 ≤ s ≤ k. As sig(λ_j) ⊆ L and ψ′ is an L-interpolant of ψ, we get that ψ′ |= χ_s ∨ ζ_1 ∨ ... ∨ ζ_l for every 1 ≤ s ≤ k. But it must then be the case that □_iψ′ |= □_iχ_1 ∨ ... ∨ □_iχ_k ∨ ◇_iζ_1 ∨ ... ∨ ◇_iζ_l (Theorem 2.3.3). We have thus shown that □_iψ |= λ_j for each 1 ≤ j ≤ n, and hence that □_iψ |= ϕ. This means that □_iψ′ is an L-interpolant of □_iψ.

2.7 Relation to First-Order Logic

As we mentioned in Chapter 1, modal logics generally correspond to fragments

of classical first-order logic. In this section, we examine more closely the relationship

holding between the modal logic Kn and first-order logic.

In Figure 2.3, we present the standard translation of Kn-formulae into first-order logic formulae (cf. [van83], [Bv06], [HHSS06]). We remark that each propositional variable v_j is associated with a unary predicate P_j, and each 1 ≤ i ≤ n is associated with a binary relation R_i which is used in the translation of □_i- and ◇_i-formulae. The translation function fx takes as second parameter a first-order variable x; this is because Kn-formulae are mapped to first-order logic formulae with one free variable. Thus, when applying the translation function ST to a Kn-formula ϕ and variable x, we obtain a first-order formula ST(ϕ, x) which has x as its unique free variable. We demonstrate the translation with an example.

Example 2.7.1.

ST(□_1(¬v_1 ∧ ◇_2v_3), x)

= ∀y(R_1(x, y) → ST(¬v_1 ∧ ◇_2v_3, y))

= ∀y(R_1(x, y) → ST(¬v_1, y) ∧ ST(◇_2v_3, y))

= ∀y(R_1(x, y) → ¬P_1(y) ∧ ST(◇_2v_3, y))

= ∀y(R_1(x, y) → ¬P_1(y) ∧ ∃z(R_2(y, z) ∧ ST(v_3, z)))

= ∀y(R_1(x, y) → ¬P_1(y) ∧ ∃z(R_2(y, z) ∧ P_3(z)))

The following theorem shows that the translation ST is satisfiability-preserving.

Theorem 2.7.2.

Let ϕ be a Kn-formula, let M = ⟨W, {R_i}_{i=1}^n, v⟩ be a Kn-model, and let I = ⟨Δ^I, ·^I⟩ be the first-order logic model defined as follows: Δ^I = W, P_j^I = v(v_j), and R_i^I = R_i. Finally, consider some w ∈ W, and let s be a variable assignment which maps the variable x to w. Then we have:

M, w |= ϕ if and only if I, s |= ST(ϕ, x)
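The translation of Figure 2.3 and the equivalence stated in Theorem 2.7.2 can be checked mechanically on a small model. The following Python sketch is an added example, not code from the thesis; the tuple encoding of formulae, the variable names y0, y1, ... and the three-world model are assumptions made for the illustration.

```python
from itertools import count

# Kn formulae as nested tuples (encoding assumed for this example):
#   ("top",) ("bot",) ("var", j) ("not", f) ("and", f, g) ("or", f, g)
#   ("box", i, f) ("dia", i, f)

def st(phi, x, fresh=None):
    """Standard translation ST(phi, x) of Figure 2.3, returned as a first-order AST."""
    if fresh is None:
        fresh = count()          # source of new variable names y0, y1, ...
    op = phi[0]
    if op in ("top", "bot"):
        return phi
    if op == "var":
        return ("P", phi[1], x)
    if op == "not":
        return ("not", st(phi[1], x, fresh))
    if op in ("and", "or"):
        return (op, st(phi[1], x, fresh), st(phi[2], x, fresh))
    if op in ("box", "dia"):
        i, body = phi[1], phi[2]
        y = f"y{next(fresh)}"    # the bound variable must not occur earlier
        edge = ("R", i, x, y)
        if op == "box":
            return ("forall", y, ("imp", edge, st(body, y, fresh)))
        return ("exists", y, ("and", edge, st(body, y, fresh)))
    raise ValueError(f"unknown connective: {op!r}")

def holds_modal(model, w, phi):
    """Kripke semantics: does M, w |= phi hold?"""
    worlds, rel, val = model
    op = phi[0]
    if op == "top":
        return True
    if op == "bot":
        return False
    if op == "var":
        return w in val.get(phi[1], set())
    if op == "not":
        return not holds_modal(model, w, phi[1])
    if op == "and":
        return holds_modal(model, w, phi[1]) and holds_modal(model, w, phi[2])
    if op == "or":
        return holds_modal(model, w, phi[1]) or holds_modal(model, w, phi[2])
    succ = [v for (u, v) in rel.get(phi[1], set()) if u == w]
    if op == "box":
        return all(holds_modal(model, v, phi[2]) for v in succ)
    return any(holds_modal(model, v, phi[2]) for v in succ)

def holds_fo(model, s, f):
    """First-order semantics over the interpretation induced by the Kn-model."""
    worlds, rel, val = model
    op = f[0]
    if op == "top":
        return True
    if op == "bot":
        return False
    if op == "P":
        return s[f[2]] in val.get(f[1], set())
    if op == "R":
        return (s[f[2]], s[f[3]]) in rel.get(f[1], set())
    if op == "not":
        return not holds_fo(model, s, f[1])
    if op == "and":
        return holds_fo(model, s, f[1]) and holds_fo(model, s, f[2])
    if op == "or":
        return holds_fo(model, s, f[1]) or holds_fo(model, s, f[2])
    if op == "imp":
        return (not holds_fo(model, s, f[1])) or holds_fo(model, s, f[2])
    branches = (holds_fo(model, {**s, f[1]: d}, f[2]) for d in worlds)
    return all(branches) if op == "forall" else any(branches)

def agrees(model, phi):
    """Theorem 2.7.2 on one model: M, w |= phi iff I, [x -> w] |= ST(phi, x)."""
    fo = st(phi, "x")
    return all(holds_modal(model, w, phi) == holds_fo(model, {"x": w}, fo)
               for w in model[0])

# Constructed sample model: worlds, accessibility relations per index, valuation.
MODEL = ((0, 1, 2), {1: {(0, 1), (0, 2)}, 2: {(1, 2)}}, {3: {2}})
# The formula of Example 2.7.1: box_1(not v1 and dia_2 v3).
EXAMPLE = ("box", 1, ("and", ("not", ("var", 1)), ("dia", 2, ("var", 3))))

if __name__ == "__main__":
    print(st(EXAMPLE, "x"))
    print([holds_modal(MODEL, w, EXAMPLE) for w in MODEL[0]], agrees(MODEL, EXAMPLE))
```
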

Because of Theorem 2.7.2, results concerning first-order logic can be transferred

to Kn. This allows us for instance to derive that Kn has the compactness property:

Theorem 2.7.3.

Let Σ be a set of Kn-formulae. If every finite subset of Σ is satisfiable, then Σ is

also satisfiable.

Proof. Direct consequence of the analogous result for first-order logic (cf. Theorem

1.3.22 of [CK90]) and the embedding of Kn in first-order logic (Theorem 2.7.2).

2.8 Relation to Description Logics

Like modal logics, description logics are a family of knowledge representation languages which offer more expressivity than propositional logic but better computational properties than first-order logic. In this section, we start by providing a general overview of description logics, before moving on to discuss two specific description logics (ALC and ALE) and their relation to the modal logic Kn.


2.8.1 A short introduction to description logics

The basic building blocks of all description logics are atomic concepts and atomic

roles, which correspond respectively to unary and binary predicates. We might for

example have atomic concepts Female and Teacher and atomic roles HasChild

and IsFriendOf . More complex concepts and roles can be built from the set of

atomic concepts and roles by using concept and role constructors. So for instance,

given two concepts Female and Teacher, and the constructor conjunction (⊓),

we can form the complex concept Female ⊓ Teacher, which describes the set of

female teachers. The set of constructors available depends on the description logic

in question.

Description logic knowledge bases are composed of two parts, an ABox and a

TBox. The ABox makes statements about the properties of specific individuals and

relationships between individuals. It is composed of a finite set of assertions of the

following forms:

C(a) R(a, b)

where a and b are named individuals, C is a concept expression, and R a role

expression. The assertion C(a) states that a is an instance of the concept C, and

the assertion R(a, b) indicates that a stands in the relationship R to b. Typical ABox axioms might be Teacher ⊔ Doctor(mary) and HasChild(mary, john).

The TBox is composed of a set of terminological axioms which allow us to describe the relationship between different concepts⁴. Terminological axioms have one of the following two forms:

C ≡ D C ⊑ D

where C and D are both concept expressions. The first axiom states that the

concepts C and D describe the same set of individuals, whereas the second states

that the concept D is more general than C. Some examples of TBox axioms are

Mother ≡ Female ⊓ ∃HasChild.⊤, Parent ≡ Mother ⊔ Father, and Cat ⊑

Animal.

The meaning of concept expressions, ABox assertions, and TBox axioms is given via a model-theoretic semantics which is quite similar to that of first-order logic. An interpretation I is defined to be a pair ⟨Δ^I, ·^I⟩, where Δ^I is a non-empty set and ·^I is a function mapping each atomic concept A to a set A^I ⊆ Δ^I, each atomic role R ∈ R to a relation R^I ⊆ Δ^I × Δ^I, and each individual name a to an element a^I ∈ Δ^I of the universe. The function ·^I is straightforwardly extended to handle complex concept and role expressions. For example, conjunction of concepts is interpreted as intersection of the sets corresponding to the concepts. Thus, to every concept expression C is associated a subset C^I ⊆ Δ^I and to every role expression S is associated a relation S^I ⊆ Δ^I × Δ^I.

4. Some description logics also permit role axioms.

A concept C is said to be satisfiable if there is some interpretation I for which C^I ≠ ∅. If there is no such model, then C is said to be unsatisfiable, and we write |= C ⊑ ⊥. We say that a concept C is subsumed by D (or that D subsumes C), written |= C ⊑ D, if for every model I we have C^I ⊆ D^I. An ABox assertion C(a) is said to hold in an interpretation I if a^I ∈ C^I. An assertion R(a, b) is verified by I if (a^I, b^I) ∈ R^I. An ABox A is satisfied by an interpretation I if every assertion in A holds in I. An ABox A_1 entails another ABox A_2 if every interpretation which satisfies A_1 also satisfies A_2. A TBox axiom C ⊑ D (resp. C ≡ D) is satisfied by a model I if C^I ⊆ D^I (resp. C^I = D^I). A TBox is satisfied in I if all of its axioms are satisfied in I. A TBox T_1 entails another TBox T_2 just in the case that every model of T_1 is also a model of T_2.

Some typical description logic reasoning tasks are:

- Concept satisfiability : Is the concept C satisfiable?

- Subsumption: Is the concept C subsumed by the concept D?

- ABox entailment : Does the ABox A_1 entail the ABox A_2?

- TBox entailment : Does the TBox T_1 entail the TBox T_2?

2.8.2 The description logic ALC

The description logic that will be of most interest to us in this thesis is ALC. Concept expressions in ALC are built up from atomic concepts and roles using the following constructors: negation (¬), conjunction (⊓), disjunction (⊔), universal role restriction (∀), and existential role restriction (∃). Formally, the syntax of concept expressions is defined recursively as follows:

C ::= ⊤ | ⊥ | A | ¬C | C ⊓ C | C ⊔ C | ∀R.C | ∃R.C

where A is an atomic concept and R an atomic role. A typical ALC expression

might be

Male ⊓ Teacher ⊓ ∃hasChild.⊤ ⊓ ∀hasChild.(Doctor ⊔ Teacher)

which describes the set of male teachers that are fathers having only doctors and

teachers as children.


f(⊤) = ⊤

f(⊥) = ⊥

f(a_j) = A_j

f(¬ϕ) = ¬f(ϕ)

f(ϕ ∧ ψ) = f(ϕ) ⊓ f(ψ)

f(ϕ ∨ ψ) = f(ϕ) ⊔ f(ψ)

f(◇_i ϕ) = ∃R_i.f(ϕ)

f(□_i ϕ) = ∀R_i.f(ϕ)

(a) From Kn to ALC.

g(⊤) = ⊤

g(⊥) = ⊥

g(A_j) = a_j

g(¬C) = ¬g(C)

g(C ⊓ D) = g(C) ∧ g(D)

g(C ⊔ D) = g(C) ∨ g(D)

g(∃R_i.C) = ◇_i g(C)

g(∀R_i.C) = □_i g(C)

(b) From ALC to Kn.

Figure 2.4: Mapping between Kn formulae and ALC concept expressions.

The semantics of the different ALC constructors is defined as follows:

⊤^I = Δ^I

⊥^I = ∅

(¬C)^I = Δ^I \ C^I

(C ⊓ D)^I = C^I ∩ D^I

(C ⊔ D)^I = C^I ∪ D^I

(∀R.C)^I = {a ∈ Δ^I | ∀b. (a, b) ∈ R^I ⇒ b ∈ C^I}

(∃R.C)^I = {a ∈ Δ^I | ∃b. (a, b) ∈ R^I and b ∈ C^I}

Correspondence between Kn and ALC

In Figure 2.4, we define two functions, one mapping Kn formulae to ALC concept expressions, and the second mapping ALC concept expressions to Kn formulae. The mappings are quite straightforward: atomic concepts are associated with propositional variables, role restrictions are associated with modal operators, and the boolean concept constructors are mapped to the corresponding Boolean connectives.

Theorem 2.8.1 ([Sch91]).

Let f and g be as defined in Figure 2.4.

1. For Kn-formulae ϕ and ψ: ϕ |= ψ if and only if |= f(ϕ) ⊑ f(ψ)

2. For ALC concepts C and D: |= C ⊑ D if and only if g(C) |= g(D)


Because of Theorem 2.8.1, results concerning Kn-formulae (with respect to the

local consequence relation) can be transferred to ALC concept expressions, and

vice-versa. This means in particular that all of the results that we will establish in

the following chapters for Kn-formulae apply equally well to concept expressions in

ALC.

Remark 2.8.2.

Entailment between ALC TBoxes can also be rephrased in terms of Kn formulae,

but for this, the global consequence relation is required. ABoxes, on the other hand,

cannot be represented in the logic Kn since Kn (like most modal logics) does not

provide any means of referring to particular worlds.

2.8.3 The description logic ALE

In later chapters, we will also make reference to the description logic ALE, which

is obtained from ALC by disallowing disjunction and general negation of concepts.

Formally, the syntax of ALE concept expressions is defined recursively as follows:

C ::= ⊤ | ⊥ | A | ¬A | C ⊓ C | ∀R.C | ∃R.C

Using the mappings between Kn and ALC from the previous subsection, we see

that ALE expressions correspond precisely to the set of Kn formulae which are in

negation normal form and do not contain any disjunction symbols.

The reduced expressiveness of ALE compared to ALC is rewarded by a drop in the complexity of reasoning: both the unsatisfiability and subsumption tasks⁵ for ALE concept expressions can be accomplished in non-deterministic polynomial time, whereas the corresponding problems for ALC are Pspace-complete.

Theorem 2.8.3 ([SSS91], [DLN+92]).

Unsatisfiability and subsumption of ALE concept expressions are both in NP.

Proof. We give a proof for unsatisfiability, and refer the reader to [DLN+92] for

subsumption. Consider the following non-deterministic procedure for deciding the

unsatisfiability of an ALE concept C:

(1) Guess a (possibly empty) sequence S_1, ..., S_n of subconcepts⁶ of C such that n ≤ δ(C) and each S_i is of the form ∃R.E. Set D equal to C.

5. For description logics like ALC which allow for full negation, concept satisfiability and subsumption can be reduced to one another, but for less expressive logics, these tasks can have different complexities.

6. The notion of subconcept is defined analogously to that of subformula. Likewise, the size and depth of a concept are defined in the same manner as for formulae.


(2) For i = 1 to n

    If S_i = ∃R.E is a conjunct of D,

        Set D = E ⊓ (⊓_{F∈𝓕} F), where 𝓕 = {F | ∀R.F is a conjunct of D}

    Else, return no

(3) Return yes if D has a conjunct ⊥ or a pair of conjuncts A, ¬A, else return no.

This procedure clearly runs in non-deterministic polynomial time since in Step 1

we guess at most n ≤ |C| concepts each with size at most |C|, and there are at most

n ≤ |C| iterations of the for loop in Step 2, each iteration taking only a polynomial

amount of time.

We now show that the above procedure outputs yes just in the case the input concept is unsatisfiable. For the first direction, suppose the output on C is yes, and let S_1, ..., S_n be the sequence of subconcepts guessed in Step 1. It can be easily shown by induction that the concept D at the beginning of Step 3 must satisfy |= C ⊑ (∃R)^n D. Moreover, we also know that D must have a conjunct ⊥ or a pair of conjuncts A and ¬A, since the output on C is yes. It follows that |= C ⊑ (∃R)^n ⊥, and hence |= C ⊑ ⊥. For the other direction, suppose C is unsatisfiable. We set D_1 = C, and we construct a sequence of concepts S_1, ..., S_m in the following manner. If at stage i, the concept D_i has a conjunct ⊥ or a pair of conjuncts A and ¬A, we return the empty sequence. Otherwise, the concept D_i must possess conjuncts ∃R.E, ∀R.F_1, ..., ∀R.F_m such that E ⊓ F_1 ⊓ ... ⊓ F_m is unsatisfiable. We set S_i = ∃R.E and set D_{i+1} = E ⊓ F_1 ⊓ ... ⊓ F_m. We remark that there can be at most δ(C) elements in the constructed sequence since the depth of D_{i+1} is at least one less than the depth of D_i. We also remark that if the constructed sequence has n elements, then the concept D_{n+1} has either a conjunct ⊥ or a pair of conjuncts A, ¬A. Moreover, it is easily verified that if the sequence of subconcepts we have constructed is guessed in Step 1, then the concept examined in Step 3 is precisely the concept D_{n+1}. It follows that there exists a sequence which leads to an output of yes on input C.

NP-hardness of the unsatisfiability and subsumption tasks can also be demonstrated.

Theorem 2.8.4 ([DLN+92]).

For ALE concept expressions, unsatisfiability and subsumption are both NP-hard.

Proof. The original proof in [DLN+92] uses a reduction from the NP-complete problem One-in-three 3SAT, but here we outline another reduction from the exact cover problem which was presented in [Don03]. The exact cover problem (cf. [GJ79]) is the following: given a set U = {u_1, ..., u_n} and a set S = {S_1, ..., S_m} of subsets of U, determine whether there exists an exact cover, that is, a subset {S_{j_1}, ..., S_{j_q}} of S such that S_{j_h} ∩ S_{j_k} = ∅ for h ≠ k and ⋃_{k=1}^q S_{j_k} = U. We will show that U, S has an exact cover if and only if the ALE concept C_{U,S} pictured in Figure 2.5 is unsatisfiable.

C_{U,S} = D_{1,1} ⊓ ... ⊓ D_{1,m} ⊓ E

where the D_{i,j} are defined inductively as follows

D_{i,j} = ∃R.D_{i+1,j}, if either i ≤ n, u_i ∈ S_j, or i > n and u_{i−n} ∈ S_j

D_{i,j} = ∀R.D_{i+1,j}, if either i ≤ n, u_i ∉ S_j, or i > n and u_{i−n} ∉ S_j

for i ∈ {1, ..., 2n} and D_{2n+1,j} = ⊤, and E = ∀R. ... ∀R.⊥ (with 2n occurrences of ∀R).

Figure 2.5: The concept C_{U,S} which codes an instance U = {u_1, ..., u_n}, S = {S_1, ..., S_m} of the exact cover problem.

The first direction (U, S has an exact cover ⇒ C_{U,S} is unsatisfiable) is rather straightforward, so we concentrate on the second part of the equivalence. Suppose then that the concept C_{U,S} is unsatisfiable. It follows that |= D_{1,1} ⊓ ... ⊓ D_{1,m} ⊑ (∃R)^{2n}⊤. We partition {1, ..., m} into two sets: a first set J^∃_1 containing those indices j for which D_{1,j} = ∃R.D_{2,j}, and a set J^∀_1 containing those indices j for which D_{1,j} = ∀R.D_{2,j}. We next define inductively a sequence of integers h_1, ..., h_{2n} and sequences of sets J^∃_2, ..., J^∃_{2n} and J^∀_2, ..., J^∀_{2n} in the following manner:

- h_i is an element of J^∃_i such that |= (⊓_{j∈J^∀_i} D_{i+1,j}) ⊓ D_{i+1,h_i} ⊑ (∃R)^{2n−i}⊤

- J^∃_i = {j | j ∈ J^∀_{i−1} ∪ {h_{i−1}} and D_{i,j} = ∃R.D_{i+1,j}}

- J^∀_i = {j | j ∈ J^∀_{i−1} ∪ {h_{i−1}} and D_{i,j} = ∀R.D_{i+1,j}}

This definition is well-founded since the initial sets J^∃_1 and J^∃_1 have already been defined above. Moreover, the fact that h_i is chosen so that |= (⊓_{j∈J^∀_i} D_{i+1,j}) ⊓ D_{i+1,h_i} ⊑ (∃R)^{2n−i}⊤ guarantees the existence of an element h_{i+1} of J^∃_{i+1} with the required properties. We remark that by construction for every 1 ≤ i ≤ 2n − 1 we have:

(a) J^∃_{i+1} ∪ J^∀_{i+1} ⊆ J^∃_i ∪ J^∀_i

(b) |J^∃_i ∩ (J^∃_{i+1} ∪ J^∀_{i+1})| = 1

We intend to show that Σ = {S_{h_{n+1}}, ..., S_{h_{2n}}} is an exact cover for U, S. We first remark that because of the way that h_i are defined, for each 1 ≤ i ≤ n, we have D_{n+i,h_{n+i}} = ∃R.D_{n+i+1,h_{n+i}}, which means that each element u_i ∈ U belongs to some set in Σ (namely the set S_{h_{n+i}}). It remains to be shown that the sets in Σ are pairwise disjoint. Suppose for a contradiction that some u_i appears in two distinct sets S_{h_{n+f}} and S_{h_{n+g}} in Σ. That means that D_{i,h_{n+f}} = ∃R.D_{i+1,h_{n+f}} and D_{i,h_{n+g}} = ∃R.D_{i+1,h_{n+g}}. We also know that h_{n+f} ∈ J^∃_{n+f} and h_{n+g} ∈ J^∃_{n+g}, and hence h_{n+f} ∈ J^∃_i and h_{n+g} ∈ J^∃_i (by (a)). It follows then from (b) that either h_{n+f} ∉ J^∃_{i+1} ∪ J^∀_{i+1} or h_{n+g} ∉ J^∃_{i+1} ∪ J^∀_{i+1}. But then using (a), we find that either h_{n+f} ∉ J^∃_{n+f} or h_{n+g} ∉ J^∃_{n+g}, which is a contradiction.

Note that the concept C_{U,S} used in the reduction in the preceding proof has a very simple syntax (conjunction of strings of role restrictions followed by atomic literals). We will make use of this fact in later chapters.
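The procedure from the proof of Theorem 2.8.3 and the reduction of Figure 2.5 can be run together on small instances. The Python sketch below is an added example, not code from the thesis: it replaces the non-deterministic guess of Step 1 by a deterministic search over all ∃-conjuncts (so it is exponential in the worst case), and the tuple encoding of concepts and the function names are assumptions made for the illustration.

```python
from itertools import combinations

# ALE concepts as nested tuples (encoding assumed for this example):
#   ("top",) ("bot",) ("atom", A) ("not", A) ("and", C1, ..., Ck)
#   ("all", R, C) ("some", R, C)
TOP, BOT = ("top",), ("bot",)

def conjuncts(c):
    """Flatten nested conjunctions into the set of their non-conjunction parts."""
    if c[0] == "and":
        out = set()
        for part in c[1:]:
            out |= conjuncts(part)
        return out
    return {c}

def has_clash(cs):
    """Step 3: a conjunct 'bot', or a pair of conjuncts A and not-A."""
    return BOT in cs or any(c[0] == "atom" and ("not", c[1]) in cs for c in cs)

def ale_unsat(concept):
    """Deterministic version of the procedure: instead of guessing the sequence
    S_1, ..., S_n, try every conjunct of the form some-R.E at each stage."""
    d = conjuncts(concept)
    if has_clash(d):
        return True
    for c in d:
        if c[0] == "some":
            role, e = c[1], c[2]
            # Step 2: D := E conjoined with every F such that all-R.F is a conjunct of D.
            universal = [f[2] for f in d if f[0] == "all" and f[1] == role]
            if ale_unsat(("and", e, *universal)):
                return True
    return False

def chain(subset, universe):
    """D_{1,j} of Figure 2.5 for S_j = subset: 2n role restrictions ending in top."""
    n = len(universe)
    c = TOP
    for i in range(2 * n, 0, -1):
        u = universe[(i - 1) % n]      # u_i for i <= n, u_{i-n} for i > n
        c = ("some" if u in subset else "all", "R", c)
    return c

def exact_cover_concept(universe, subsets):
    """C_{U,S} = D_{1,1} and ... and D_{1,m} and E, with E = (all R)^{2n} bot."""
    e = BOT
    for _ in range(2 * len(universe)):
        e = ("all", "R", e)
    return ("and", *[chain(s, universe) for s in subsets], e)

def has_exact_cover(universe, subsets):
    """Brute-force reference check; assumes every subset is contained in universe."""
    for k in range(len(subsets) + 1):
        for pick in combinations(subsets, k):
            if (sum(len(s) for s in pick) == len(universe)
                    and set().union(*pick) == set(universe)):
                return True
    return False

# Constructed sample instances (universe, family of subsets).
INSTANCES = [
    ([1, 2], [{1}, {2}]),
    ([1, 2], [{1}]),
    ([1, 2, 3], [{1, 2}, {2, 3}]),
    ([1, 2, 3], [{1, 2}, {2, 3}, {1, 3}]),
    ([1, 2, 3], [{1}, {2, 3}, {1, 2}]),
    ([1, 2], [{1, 2}, {2}]),
]

if __name__ == "__main__":
    for universe, subsets in INSTANCES:
        unsat = ale_unsat(exact_cover_concept(universe, subsets))
        print(universe, subsets, "unsat:", unsat,
              "exact cover:", has_exact_cover(universe, subsets))
```
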


3 Prime Implicates and Prime Implicants in Kn

The purpose of this chapter is to select a suitable definition of prime implicates and

prime implicants for the logic Kn. The first half of the chapter will be concerned with

the generalization of the notions of clauses and terms to Kn. As there is no obvious

definition, we will enumerate a list of syntactic, semantic, and complexity-theoretic

properties of propositional clauses and terms, which we will then use to compare the

different candidate definitions. In the second half of the chapter, we will consider the

different definitions of clauses and terms in light of the notions of prime implicate

and prime implicant they induce. Once again, we will list some basic properties from

the propositional case that we would like to satisfy, and we will see how the different

definitions measure up.

3.1 Defining Clauses and Terms in Kn

As we have seen in Chapter 1, the notions of prime implicates and prime implicants are straightforwardly defined using the notions of clauses and terms. Thus, if we aim to provide suitable definitions of prime implicates and prime implicants for Kn, a logical first step is to come up with an appropriate definition of clauses and terms in Kn. Unfortunately, whereas clauses and terms are standard notions in both propositional and first-order logic¹, there is no generally accepted definition of clauses and terms in Kn. Indeed, a couple of different notions of clauses and/or terms for Kn have been proposed in the literature for various purposes.

1. One might wonder why we don’t simply translate our formulae in Kn into first-order formulae and then put them into clausal form. The reason is simple: we are looking to define clauses and terms within the language of Kn, and the clauses we obtain on passing by first-order logic are

Instead of blindly picking a definition and hoping that it is appropriate, we prefer

to list a number of characteristics of literals, clauses, and terms in propositional

logic, which will provide us with a principled means of comparing different candidate

definitions. Each of the properties below describes something of what it is to

be a literal, clause, or term in propositional logic. Although our list cannot be

considered exhaustive, we do believe that it covers the principal syntactic, semantic,

and complexity-theoretic properties of the propositional definition.

P1 Literals, clauses, and terms are in negation normal form.

P2 Clauses do not contain ∧, terms do not contain ∨, and literals contain neither

∧ nor ∨.

P3 Clauses (resp. terms) are disjunctions (resp. conjunctions) of literals.

P4 The negation of a literal is equivalent to another literal. Negations of clauses

(resp. terms) are equivalent to terms (resp. clauses).

P5 Every formula is equivalent to a finite conjunction of clauses. Likewise, every

formula is equivalent to a finite disjunction of terms.

P6 The task of deciding whether a given formula is a literal, term, or clause can

be accomplished in polynomial-time.

P7 The task of deciding whether a clause (resp. term) entails another clause (resp.

term) can be accomplished in polynomial-time.

3.1.1 Impossibility result

A natural question is whether there exist definitions of literals, clauses, and

terms for Kn satisfying all of the aforementioned properties. Unfortunately, the

following impossibility result shows this not to be the case.

Theorem 3.1.1.

Any definition of literals, clauses, and terms for K that satisfies properties P1 and

P2 cannot satisfy P5.

Proof. Let us define clauses (resp. terms) to be the set of formulae in NNF which do not contain ∧ (resp. ∨). This is clearly the most expressive definition of clauses and terms satisfying both P1 and P2, so to show the result, it suffices to show that this definition does not satisfy P5.

1 (continued). generally not expressible in Kn. Moreover, if we were to define clauses in Kn as those first-order clauses which are representable in Kn, we would obtain a set of clauses containing no ◇ modalities, thereby losing much of the expressivity of Kn.

Suppose for a contradiction that this definition does satisfy P5. Then there must exist clauses λ1, ..., λn such that ◇(a ∧ b) ≡ λ1 ∧ ... ∧ λn. Each of the clauses λi is a disjunction l_{i,1} ∨ ... ∨ l_{i,p_i}. By distributing ∧ over ∨, we obtain the following:

$$\Diamond(a \wedge b) \equiv \bigvee_{(j_1,\ldots,j_n) \in \{1,\ldots,p_1\} \times \cdots \times \{1,\ldots,p_n\}} \; \bigwedge_{i=1}^{n} l_{i,j_i}$$

from which we can infer that for each (j1, ..., jn) ∈ {1, ..., p1} × ... × {1, ..., pn} we have

$$\bigwedge_{i=1}^{n} l_{i,j_i} \models \Diamond(a \wedge b)$$

Consider some (j1, ..., jn) such that ⋀_{i=1}^{n} l_{i,j_i} is consistent (there must be at least one such tuple, otherwise we would have ◇(a ∧ b) ≡ ⊥). The formulae l_{i,j_i} are either propositional literals or formulae of the form □κ or ◇κ for some clause κ. It follows that ⋀_{i=1}^{n} l_{i,j_i} must have the following form:

$$\gamma_1 \wedge \ldots \wedge \gamma_k \wedge \Diamond\psi_1 \wedge \ldots \wedge \Diamond\psi_m \wedge \Box\chi_1 \wedge \ldots \wedge \Box\chi_n$$

where γ1, ..., γk are propositional literals and ψ1, ..., ψm, χ1, ..., χn are clauses with respect to the definition we have chosen. As we know that ⋀_{i=1}^{n} l_{i,j_i} |= ◇(a ∧ b) and ⋀_{i=1}^{n} l_{i,j_i} ⊭ ⊥, by Theorem 2.3.1, there must be some ◇ψq such that

$$\Diamond\psi_q \wedge \Box\chi_1 \wedge \ldots \wedge \Box\chi_n \models \Diamond(a \wedge b)$$

We now show that ◇ψq ⊭ ◇(a ∧ b) (and hence that ⊭ χ1 ∧ ... ∧ χn). Suppose for a contradiction that this is not the case. Then we must have ψq |= a and ψq |= b. But by Theorem 2.3.1, every disjunct of ψq (which we recall is a clause w.r.t. our supposed definition) must either be unsatisfiable or equal to both a and b. As the latter is impossible, it follows that ψq |= ⊥, which is a contradiction since we assumed that ⋀_{i=1}^{n} l_{i,j_i} is satisfiable. It follows then that in order to get ◇ψq ∧ □χ1 ∧ ... ∧ □χn |= ◇(a ∧ b), there must be some χr which is not a tautology.

Now let us consider the formula

$$\tau = \bigvee_{\{(j_1,\ldots,j_n) \,\mid\, \bigwedge_{i=1}^{n} l_{i,j_i} \not\equiv \bot\}} \Box\chi_{j_1,\ldots,j_n}$$

where □χ_{j1,...,jn} is a non-tautological □-formula appearing in ⋀_{i=1}^{n} l_{i,j_i} (we have just shown that such a formula must exist). Clearly it must be the case that

$$\bigvee_{(j_1,\ldots,j_n) \in \{1,\ldots,p_1\} \times \cdots \times \{1,\ldots,p_n\}} \; \bigwedge_{i=1}^{n} l_{i,j_i} \models \tau$$

from which we get

$$\Diamond(a \wedge b) \models \tau$$

But according to Theorem 2.3.2, a satisfiable ◇-formula cannot imply a disjunction of □-formulae unless that disjunction is a tautology, so we must have |= τ. However, this is impossible since it would imply (Theorem 2.3.1) that there is some χ_{j1,...,jn} which is a tautology, contradicting our earlier assumption to the contrary. We can thus conclude that there is no set of clauses λ1, ..., λn with respect to our selected definition such that ◇(a ∧ b) ≡ λ1 ∧ ... ∧ λn, and hence that any definition which satisfies P1 and P2 cannot satisfy P5.

The proof of Theorem 3.1.1 only makes use of the fact that ∧ does not distribute over ◇ and ∨ does not distribute over □, which means that our impossibility result holds equally well for most standard modal and description logics.

3.1.2 Analysis of candidate definitions

We will now consider a variety of possible definitions and evaluate them with

respect to the above criteria. Note that in what follows, we let i range over the

integers between 1 and n, a range over the set of propositional variables, and L, C,

and T range over the sets of literals, clauses, and terms respectively.

Definition D1

The first definition that we will consider is that proposed in [CP95] in the

context of abduction. The authors define terms to be the formulae which can be

constructed from the propositional literals using only ∧ and the modal operators.

Modal clauses and literals are not used in the paper but can be defined analogously,

yielding the following definition:

D1    L ::= ⊤ | ⊥ | a | ¬a | □i L | ◇i L
      C ::= ⊤ | ⊥ | a | ¬a | □i C | ◇i C | C ∨ C
      T ::= ⊤ | ⊥ | a | ¬a | □i T | ◇i T | T ∧ T

It is easy to see by inspection that this definition satisfies properties P1 and P2. It

is also easy to see that property P6 is satisfied since D1 is a context-free grammar,

and it is well-known that the membership problem for context-free grammars can

be solved in polynomial time (cf. [You67]). Property P4 can also be shown to hold:

Lemma 3.1.2.

Definition D1 satisfies property P4.


Proof. We can show by induction on the structural complexity of formulae that the function Nnf maps negations of literals to literals, negations of clauses to terms, and negations of terms to clauses. As the proof is straightforward and rather tedious, we will only give the proof for the case of clauses.

The base case is when the input to Nnf is the negation of a propositional literal. The statement holds in this case since Nnf maps ¬a to ¬a and ¬(¬a) to a, and both a and ¬a are terms with respect to definition D1.

Next let us suppose that the statement holds for clauses λ1 and λ2, and let λ̄1 and λ̄2 respectively be the formulae output by the function Nnf on inputs ¬λ1 and ¬λ2. We now want to show that the result holds for more complex clauses built from λ1 and λ2. If Nnf is called on input ¬□i λ1, then because of the induction hypothesis, we know that the output will be the formula ◇i λ̄1, which is a term with respect to D1. If instead the input to Nnf is of the form ¬◇i λ1, then Nnf will output the D1-term □i λ̄1. Finally, if the input to Nnf is the negated clause ¬(λ1 ∨ λ2), then the output will be the term λ̄1 ∧ λ̄2.
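The induction in this proof can be replayed mechanically. The following Python sketch is an added example, not code from the thesis: it encodes formulae as nested tuples (an encoding chosen here), computes Nnf of a negated NNF formula, and recognises D1-literals, D1-clauses and D1-terms in one pass over the formula. The names nnf_neg, is_d1 and d1_kinds are hypothetical.

```python
# Added example. K_n formulae in NNF as nested tuples (encoding assumed here):
#   ("top",) ("bot",) ("var", "a") ("not", ("var", "a"))
#   ("and", f, g) ("or", f, g) ("box", i, f) ("dia", i, f)

def nnf_neg(f):
    """Return Nnf(¬f) for f in NNF by pushing the negation down to the variables."""
    op = f[0]
    if op == "top":
        return ("bot",)
    if op == "bot":
        return ("top",)
    if op == "var":
        return ("not", f)
    if op == "not":                      # ¬(¬a) becomes a
        return f[1]
    if op == "and":                      # negated term becomes a disjunction
        return ("or", nnf_neg(f[1]), nnf_neg(f[2]))
    if op == "or":                       # negated clause becomes a conjunction
        return ("and", nnf_neg(f[1]), nnf_neg(f[2]))
    if op == "box":                      # ¬□i λ becomes ◇i Nnf(¬λ)
        return ("dia", f[1], nnf_neg(f[2]))
    if op == "dia":                      # ¬◇i λ becomes □i Nnf(¬λ)
        return ("box", f[1], nnf_neg(f[2]))
    raise ValueError("unknown connective: %r" % (op,))

def is_atomic(f):
    """⊤, ⊥, a and ¬a belong to all three categories of D1."""
    return f[0] in ("top", "bot", "var") or (f[0] == "not" and f[1][0] == "var")

def is_d1(f, kind):
    """Membership in the D1 grammar; kind is 'L' (literal), 'C' (clause) or 'T' (term)."""
    if is_atomic(f):
        return True
    if f[0] in ("box", "dia"):           # □i X and ◇i X stay in the category of X
        return is_d1(f[2], kind)
    if f[0] == "or":
        return kind == "C" and is_d1(f[1], "C") and is_d1(f[2], "C")
    if f[0] == "and":
        return kind == "T" and is_d1(f[1], "T") and is_d1(f[2], "T")
    return False

def d1_kinds(f):
    """Set of D1 categories that f belongs to."""
    return {k for k in "LCT" if is_d1(f, k)}

# Constructed sample input: the D1-clause □1(a ∨ ◇2 ¬b) ∨ c
A, B, C = ("var", "a"), ("var", "b"), ("var", "c")
CLAUSE = ("or", ("box", 1, ("or", A, ("dia", 2, ("not", B)))), C)
NEGATED = nnf_neg(CLAUSE)                # ◇1(¬a ∧ □2 b) ∧ ¬c

if __name__ == "__main__":
    print(d1_kinds(CLAUSE), d1_kinds(NEGATED))
```

Each recogniser visits every subformula once, which is the polynomial-time membership test that property P6 asks for.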

The remaining properties are not satisfied by definition D1. Property P3 is falsified since there are clauses that are not disjunctions of literals – take for instance the clause □(a ∨ b). Property P5 cannot hold because of our impossibility result (Theorem 3.1.1). At first glance, it may seem that entailment between clauses or terms of D1 could be accomplished in polynomial time (property P7), but this turns out not to be the case. In fact, we can show this problem to be NP-complete. The proof exploits the following correspondence between terms of D1 and concept expressions in the description logic ALE.

Lemma 3.1.3.

1. The function f in Figure 2.4a maps D1-terms into ALE concept expressions.

2. The function g in Figure 2.4b maps ALE concept expressions into D1-terms.

Proof Sketch. Straightforward structural induction proof.

Lemma 3.1.4.

Entailment between terms or clauses is NP-complete for definition D1.

Proof. It follows from Theorem 2.8.1 that τ1 |= τ2 if and only if |= f(τ1) ⊑ f(τ2). We also know by Lemma 3.1.3 that if τ1 and τ2 are terms with respect to D1, then f(τ1) and f(τ2) must be concept expressions in ALE. This means that we can reduce entailment between terms with respect to D1 to subsumption between ALE concepts. As concept subsumption in ALE is known to belong to the class NP (Theorem 2.8.3), it follows that entailment between D1-terms must also belong to NP.

For NP-hardness, we use the function g from Figure 2.4b to map the concept C_{U,S} from Figure 2.5 into a Kn formula ϕ_{U,S}. We know from Lemma 3.1.3 that ϕ_{U,S} is a term with respect to D1, and from Theorem 2.8.1 that ϕ_{U,S} is satisfiable just in the case that the concept C_{U,S} is. As it was shown in [Don03] that U, S has an exact cover if and only if C_{U,S} is unsatisfiable, it follows that U, S has an exact cover if and only if ϕ_{U,S} is unsatisfiable. But a term is unsatisfiable just in the case that it entails the term ⊥. This means the XC decision problem can be polynomially-reduced to entailment between D1-terms, making the latter problem NP-hard and hence NP-complete.

In order to show the NP-completeness of clausal entailment, we remark that

for definition D1, the function Nnf transforms negations of clauses into terms and

negations of terms into clauses (cf. proof of Lemma 3.1.2). This means that we can

test whether a clause λ entails a clause λ′ by testing whether the term Nnf(¬λ′)

entails the term Nnf(¬λ). Likewise, we can test whether a term κ entails another

term κ′ by testing whether the clause Nnf(¬κ′) entails the clause Nnf(¬κ). As

the NNF transformation is polynomial, it follows that entailment between clauses is exactly as difficult as entailment between terms, so clausal entailment is NP-complete.

Remark 3.1.5.

For the proof of Lemma 3.1.4, we made use of the fact that Kn contains the symbols ⊤ and ⊥. If we choose not to include these symbols in the language, then we need to modify the NP-hardness proof, since the formula ϕ_{U,S} used in the reduction contains both ⊤ and ⊥. The modification is straightforward: we replace occurrences of ⊤ in ϕ_{U,S} by a and replace ⊥ by ¬a. The resulting formula ϕ′_{U,S} is a D1-term which is satisfiable whenever ϕ_{U,S} is, so we can use ϕ′_{U,S} in place of ϕ_{U,S} in the proof.

Theorem 3.1.6.

Definition D1 satisfies properties P1, P2, P4, and P6, and falsifies properties

P3, P5, and P7.

Proof. Follows from Lemmas 3.1.2 and 3.1.4 and the preceding discussion.

Definition D2

If we take the notion of literals from D1 and use it to construct the set of clauses

and terms, we obtain the following definition:

D2    L ::= ⊤ | ⊥ | a | ¬a | □i L | ◇i L
      C ::= L | C ∨ C
      T ::= L | T ∧ T

It can be easily verified that definition D2 satisfies properties P1-P3. For P6, we again use the fact that D2 defines a context-free grammar. The proof of P4 is quite straightforward and similar to that for definition D1, so we will omit it here. As for property P5, we can either use Theorem 3.1.1, or we can simply remark that definition D2 is even less expressive than D1, and we have already shown D1 to falsify P5. The reduced expressiveness of D2 does not however improve its computational complexity: property P7 is still not satisfied as we can show that entailment between clauses or terms is NP-complete using exactly the same reduction as was used for definition D1. The fact that even an extremely inexpressive definition like D2 does not allow for polynomial entailment between clauses and terms suggests that property P7 cannot be satisfied by any reasonable definition of clauses and terms for Kn.

Theorem 3.1.7.

Definition D2 satisfies properties P1-P4 and P6 and falsifies P5 and P7.

Proof. It is easy to see that every D2-clause is also a D1-clause, and likewise

every D2-term is also a D1-term. It follows then that for definition D2 entailment

between clauses or terms is feasible in non-deterministic polynomial time, since we

have already shown this to hold for D1 (Lemma 3.1.4).

To show NP-hardness, we simply remark that the Kn formula ϕ_{U,S} which was used in the proof of Lemma 3.1.4 is a term with respect to D2. This means we can use exactly the same proof of NP-hardness that we used for D1 to show NP-hardness of entailment between D2-terms. We can also use the same reasoning as in the proof for D1 to transfer the NP-hardness result from terms to clauses.

For the other properties, refer to the preceding discussion.

Definitions D3a and D3b

Given that even very inexpressive definitions like D2 fail to gain us polynomial

behavior, it seems reasonable to explore some more expressive options which allow

us to capture all of the expressivity of Kn. We begin with the following definition

of clauses that was proposed in [EF89] for the purpose of modal resolution:

D3    C ::= ⊤ | ⊥ | a | ¬a | □i C | ◇i ConjC | C ∨ C
      ConjC ::= C | ConjC ∧ ConjC

This definition of clauses can be extended to a definition of terms and literals which

satisfies P3 or P4, but there is no extension which satisfies both properties, as the

following theorem demonstrates:

Theorem 3.1.8.

There is no definition of literals, clauses, and terms which satisfies both P3 and

P4 and agrees with D3 on the set of clauses.

Proof. Let us suppose for a contradiction that we have a definition of literals, clauses, and terms which satisfies P3 and P4 and defines the same set of clauses as D3. Then it must be the case that the set of literals is defined as follows:

      L ::= ⊤ | ⊥ | a | ¬a | □i C | ◇i ConjC

Now consider the literal ◇1(a ∨ b). Because of property P4, there must be some literal θ which is equivalent to ¬(◇1(a ∨ b)) ≡ □1(¬a ∧ ¬b). Clearly, θ must be of the form □1 θ′ for some clause θ′, since neither propositional literals nor ◇-formulae can be equivalent to □1(¬a ∧ ¬b) (by Theorem 2.3.3). This means that the clause θ′ must be equivalent to ¬a ∧ ¬b. By Theorem 2.3.2, θ′ can only contain propositional disjuncts and unsatisfiable ◇-formulae. However, a single propositional literal cannot imply both ¬a and ¬b, so θ′ must have only unsatisfiable disjuncts, contradicting the fact that θ′ ≡ ¬a ∧ ¬b. This means that there is no clause θ′ which is equivalent to ¬a ∧ ¬b, and hence no literal θ equivalent to ¬(◇1(a ∨ b)), contradicting our earlier assumption that P4 was satisfied.

Let us now consider one of the possible extensions of D3 which satisfies P4 and

a maximal subset of P1-P7:

D3a   L ::= ⊤ | ⊥ | a | ¬a | □i L | ◇i L
      C ::= ⊤ | ⊥ | a | ¬a | □i C | ◇i ConjC | C ∨ C
      ConjC ::= C | ConjC ∧ ConjC
      T ::= ⊤ | ⊥ | a | ¬a | □i DisjT | ◇i T | T ∧ T
      DisjT ::= T | DisjT ∨ DisjT

It can be seen from inspection of definition D3a that it satisfies P1. Property P4 holds by construction, property P5 is a consequence of Proposition 1.3 in [EF89], and property P6 holds since D3a defines a context-free grammar. As definition D3a satisfies P1 and P5, it follows from Theorem 3.1.1 that property P2 cannot hold. D3a also falsifies P3 as there are clauses that are not disjunctions of literals – take for instance the clause □(a ∨ b). Given that definition D3a is strictly more expressive than definitions D1 and D2, it follows that entailment between clauses or terms must be NP-hard, which means that D3a does not satisfy P7. In fact, we can show that entailment between clauses or terms of definition D3a is Pspace-complete, and hence of the same complexity as entailment between arbitrary Kn formulae.

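(i’) $q_0$

(ii’) $\bigwedge_{i=0}^{m} \big( \bigwedge_{j \neq i} ((\neg q_i \vee \neg q_j) \wedge \Box(\neg q_i \vee \neg q_j) \wedge \ldots \wedge \Box^{m}(\neg q_i \vee \neg q_j)) \big)$

(iiia’) $\bigwedge_{i=0}^{m} ((\neg q_i \vee \Diamond q_{i+1}) \wedge \Box(\neg q_i \vee \Diamond q_{i+1}) \wedge \ldots \wedge \Box^{m}(\neg q_i \vee \Diamond q_{i+1}))$

(iiib’) $\bigwedge_{\{i \mid Q_i = \forall\}} \Box^{i}(\neg q_i \vee \Diamond(q_{i+1} \wedge p_{i+1})) \wedge \Box^{i}(\neg q_i \vee \Diamond(q_{i+1} \wedge \neg p_{i+1}))$

(iv’) $\bigwedge_{i=1}^{m-1} \big( \bigwedge_{j=i}^{m-1} (\Box^{j}(\neg p_i \vee \Box p_i) \wedge \Box^{j}(p_i \vee \Box \neg p_i)) \big)$

(v’) $\Box^{m}(\neg q_m \vee \theta_1) \wedge \ldots \wedge \Box^{m}(\neg q_m \vee \theta_l)$

Figure 3.1: The formula f′(β) is the conjunction of the above formulae, where the formulae θi in (v’) are propositional clauses such that θ ≡ θ1 ∧ ... ∧ θl.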

Lemma 3.1.9.

Entailment between clauses (resp. terms) with respect to definition D3a is Pspace-hard.

Proof. Membership in Pspace is immediate since entailment between arbitrary

formulae in Kn can be decided in polynomial space (Corollary 2.5.2).

To prove Pspace-hardness, we adapt the proof of Pspace-hardness of K outlined in Chapter 2. Specifically, we show how the formula f(β) (Figure 2.2) which was used to encode the QBF validity problem can be rewritten as a conjunction of D3a-clauses. Our modified encoding f′(β) is given in Figure 3.1. We claim the following:

(1) f(β) and f′(β) are logically equivalent

(2) if θ is in CNF, then f′(β) is a conjunction of clauses with respect to D3a

(3) if θ is in CNF, then f′(β) can be generated in polynomial time from f(β)

To show (1), it suffices to show that (i)≡(i’), (ii)≡(ii’), (iiia)≡(iiia’), (iiib)≡(iiib’), (iv)≡(iv’), and (v)≡(v’). The first equivalence is immediate since (i) and (i’) are identical. (ii)≡(ii’) follows from the fact that □^k(qi → ⋀_{j≠i} ¬qj) ≡ ⋀_{j≠i} □^k(¬qi ∨ ¬qj). (iiia)≡(iiia’) holds since (iiia’) is just (iiia) with qi → ◇q_{i+1} replaced with ¬qi ∨ ◇q_{i+1}. We have (iiib)≡(iiib’) since □^i(qi → (◇(q_{i+1} ∧ p_{i+1}) ∧ ◇(q_{i+1} ∧ ¬p_{i+1}))) ≡ □^i(¬qi ∨ ◇(q_{i+1} ∧ p_{i+1})) ∧ □^i(¬qi ∨ ◇(q_{i+1} ∧ ¬p_{i+1})). The equivalence (iv)≡(iv’) holds as □^j((pi → □pi) ∧ (¬pi → □¬pi)) ≡ □^j(¬pi ∨ □pi) ∧ □^j(pi ∨ □¬pi). Finally, we have (v)≡(v’) since θ ≡ θ1 ∧ ... ∧ θl. Thus, f(β) and f′(β) are logically equivalent.

To prove (2), we show that each of the component formulae in f′(β) is a conjunction of clauses with respect to D3a, provided that θ is in CNF. Clearly this is the case for (i’) as (i’) is a propositional literal. The formula (ii’) is also a conjunction of clauses with respect to D3a since it is a conjunction of formulae of the form □^k(¬qi ∨ ¬qj). Similarly, (iiia’), (iiib’), and (iv’) are all conjunctions of clauses since the formulae □^k(¬qi ∨ ◇q_{i+1}), □^i(¬qi ∨ ◇(q_{i+1} ∧ p_{i+1})), □^i(¬qi ∨ ◇(q_{i+1} ∧ ¬p_{i+1})), □^k(¬pi ∨ □pi), and □^k(pi ∨ □¬pi) are all clauses with respect to D3a. The formula (v’) must also be a conjunction of clauses since the θi are assumed to be propositional clauses, making each □^m(¬qm ∨ θi) a clause with respect to D3a, and (v’) a conjunction of clauses with respect to D3a.

For (3), it is clear that we can transform (i), (iiia), (iiib), and (iv) into (i’), (iiia’), (iiib’), and (iv’) in polynomial time as the transformations involve only simple syntactic operations and the resulting formulae are at most twice as large. The transformation from (ii) to (ii’) is very slightly more involved, but it is not too hard to see the resulting formula is at most m times as large as the original (and m can be no greater than the length of f(β)). The only step which could potentially result in an exponential blow-up is the transformation from (v) to (v’), as we put θ into CNF. But under the assumption that θ is already in CNF, the transformation can be executed in polynomial time and space, as all we have to do is separate θ into its conjuncts and rewrite the (qm → θi) as (¬qm ∨ θi).

Now let β = Q1p1...Qmpmθ be a QBF such that θ = θ1 ∧ ... ∧ θl for some propositional clauses θi. Let f′(β) be the formula as defined in Figure 3.1. By (2) above, we know that f′(β) = λ1 ∧ ... ∧ λp for some clauses λi with respect to D3a. Now consider the formula ζ = ◇(□λ1 ∧ ... ∧ □λp ∧ ◇⊤). We can show that f′(β) is satisfiable if and only if ζ is satisfiable as follows:

      ζ is unsatisfiable
      ⇔ □λ1 ∧ ... ∧ □λp ∧ ◇⊤ is unsatisfiable
      ⇔ λ1 ∧ ... ∧ λp ∧ ⊤ is unsatisfiable
      ⇔ λ1 ∧ ... ∧ λp is unsatisfiable
      ⇔ f′(β) is unsatisfiable

But we also know from (1) above that f′(β) ≡ f(β), and from the proof of Theorem 2.5.1 that f(β) is satisfiable just in the case that β is a QBF validity. It is also easy to see that ζ is satisfiable if and only if ζ does not entail the contradiction ⊥. Putting this all together, we find that β is valid just in the case that ζ does not entail ⊥. As ζ and ⊥ are both clauses and terms with respect to D3a, we have shown that the QBF-validity problem for QBF with propositional formulae in CNF can be reduced to the problems of entailment of clauses or terms with respect to D3a. Moreover, this is a polynomial time reduction since it follows from (3) that the transformation from β to ζ can be accomplished in polynomial time. This suffices to show Pspace-hardness, since it is well-known that QBF-validity remains Pspace-hard even when we restrict the propositional part θ to be a formula in CNF (cf. [Pap94]).

As for the complexity of entailment between D3a-terms, we simply remark that λ |= ⊥ just in the case that ⊤ |= ¬λ (Theorem 2.3.1). As the NNF of the negation of a D3a-clause is a D3a-term (this can be shown by a very simple inductive argument), it follows that we can reduce clausal entailment to entailment between terms, making the latter problem Pspace-hard, and thus Pspace-complete.

Remark 3.1.10.

If we decide not to include ⊤ and ⊥ in K, then we must modify the proof of Lemma 3.1.9 by replacing ⊤ with some tautologous D3a-clause (e.g. □(a ∨ ¬a)) and ⊥ with some unsatisfiable D3a-clause (e.g. ◇(a ∧ ¬a)).

Theorem 3.1.11.

Definition D3a satisfies properties P1 and P4-P6, and it falsifies properties P2, P3, and P7.

Proof. Follows from Lemma 3.1.9 and the preceding discussion.

If instead we extend D3 so as to enforce property P3, we obtain the following

definition:

D3b   L ::= ⊤ | ⊥ | a | ¬a | □i C | ◇i ConjC
      C ::= L | C ∨ C
      ConjC ::= C | ConjC ∧ ConjC
      T ::= L | T ∧ T

Definition D3b satisfies all of the properties except P2, P4, and P7. Property P4 fails to hold because the negation of the literal ◇1(a ∨ b) is not equivalent to any literal. Property P7 fails to hold for the same reasons as for definition D3a. To prove that P5 holds, we use standard logical equivalences to rewrite formulae as equivalent conjunctions of clauses and disjunctions of terms.

Theorem 3.1.12.

Definition D3b satisfies properties P1, P3, P5, and P6, and falsifies P2, P4,

and P7.

Proof. The satisfaction of properties P1 and P3 can be immediately determined by inspection of definition D3b, as can the dissatisfaction of property P2. It was shown in the proof of Theorem 3.1.8 that the negation of the literal ◇1(a ∨ b) is not equivalent to any literal, which means property P4 is falsified. We will prove later in this subsection that property P5 holds for definition D5, and we will transfer the result to D3b by showing that clauses and terms with respect to D5 are also clauses and terms with respect to D3b. Property P6 follows from the tractability of recognition for context-free grammars [You67].

For P7, we first remark that D3a and D3b define exactly the same set of clauses, which means that we can use the same proof as was used for D3a to show that entailment between D3b-clauses is Pspace-complete. For D3a-terms, we use the fact that the formula ζ used in the reduction for D3a-clauses is in fact a term with respect to D3b (this can be easily verified). Thus, the proof of Pspace-hardness of entailment between D3a-clauses also gives us the Pspace-hardness of entailment between D3b-terms.

Definition D4

The next definition which we will consider is a very simple definition that satisfies properties P3, P4, and P5. The definition, which is inspired by the notion of modal atom proposed in [GS96], defines literals as the set of formulae in NNF that cannot be decomposed propositionally.

D4    L ::= ⊤ | ⊥ | a | ¬a | □i ϕ | ◇i ϕ
      C ::= L | C ∨ C
      T ::= L | T ∧ T
      ϕ ::= a | ¬a | ϕ ∧ ϕ | ϕ ∨ ϕ | □ϕ | ◇ϕ

Definition D4 can be shown to satisfy all of the properties except P2 and P7. For P7, we note that an arbitrary formula ϕ in NNF is unsatisfiable (a Pspace-complete problem) if and only if ◇ϕ |= ⊥.

Theorem 3.1.13.

Definition D4 satisfies properties P1, P3-P6, and it falsifies properties P2 and

P7.

Proof. The satisfaction or dissatisfaction of properties P1, P2, and P3 can be

verified immediately from inspection of definition D4.

The proof of property P4 is straightforward. First, the proof for literals: the negation of the literal a is equivalent to the literal ¬a; the negation of the literal ¬a is equivalent to the literal a; the negation of the literal □i ϕ is equivalent to ◇i Nnf(¬ϕ) (which is a literal since Nnf(¬ϕ) is a formula in NNF which is equivalent to ¬ϕ); and the negation of the literal ◇i ϕ is equivalent to the literal □i Nnf(¬ϕ). Then to show the result for clauses and terms, we simply use the fact that negations of disjunctions of formulae are equivalent to conjunctions of the negations of their disjuncts and the negations of conjunctions of formulae are equivalent to the disjunctions of the negations of their conjuncts.

For P5, we note that the procedure Dnf from Chapter 2 can be used to rewrite

any arbitrary Kn formula as an equivalent disjunction of terms with respect to

D4. The procedure Cnf can be used to transform Kn formulae into equivalent

conjunctions of D4-clauses. Note that both Dnf and Cnf return formulae with

the same signature and depth as the original formula (we will require this fact in a

later chapter).

For P6, we use the tractability of membership for context-free grammars, and

for P7, we refer to the reduction outlined in the preceding discussion.

Definition D5

Definition D4 is very liberal, imposing almost no structure on the formulae

behind modal operators. If we define literals to be the formulae in NNF that

cannot be decomposed modally (instead of propositionally), we obtain a much more

restricted definition which satisfies exactly the same properties as D4.

D5    L ::= ⊤ | ⊥ | a | ¬a | □i C | ◇i T
      C ::= L | C ∨ C
      T ::= L | T ∧ T

To prove that P5 holds, we show how arbitrary Kn formulae can be rewritten as

conjunctions of clauses or disjunctions of terms with respect to definition D5 by

using standard logical equivalences.

Lemma 3.1.14.

Definition D5 satisfies P5.

Proof. We demonstrate that any formula in Kn in NNF is equivalent to a conjunction of clauses with respect to definition D5. The restriction to formulae in NNF is without loss of generality as every formula is equivalent to a formula in NNF (cf. Theorem 2.4.2). The proof proceeds by induction on the structural complexity of formulae. The base case is propositional literals, which are already conjunctions of clauses since every propositional literal is a clause with respect to D5. We now suppose that the statement holds for formulae ψ1 and ψ2 and show that it holds for more complex formulae.

We first consider ϕ = ψ1 ∧ ψ2. By assumption, we can find clauses ρi and ζj

such that ψ1 ≡ ρ1 ∧ ... ∧ ρn and ψ2 ≡ ζ1 ∧ ... ∧ ζm. Thus, ϕ is equivalent to the

formula ρ1 ∧ ...∧ ρn ∧ ζ1 ∧ ...∧ ζm, which is a conjunction of clauses with respect to

definition D5.

Next we consider ϕ = ψ1 ∨ ψ2. By the induction hypothesis, we have ψ1 ≡ ρ1 ∧ ... ∧ ρn and ψ2 ≡ ζ1 ∧ ... ∧ ζm for some clauses ρi and ζj. Thus, ϕ ≡ (ρ1 ∧ ... ∧ ρn) ∨ (ζ1 ∧ ... ∧ ζm), which can be written equivalently as ϕ ≡ ⋀_{(i,j)∈{1,...,n}×{1,...,m}} (ρi ∨ ζj). Since the union of two clauses produces another clause, all of the ρi ∨ ζj are clauses, completing the proof.

We now consider the case where ϕ = □k ψ1. By assumption, ψ1 ≡ ρ1 ∧ ... ∧ ρn, where each ρi is a clause. So ϕ ≡ □k (ρ1 ∧ ... ∧ ρn). But we also know that □k (ρ1 ∧ ... ∧ ρn) ≡ □k ρ1 ∧ ... ∧ □k ρn. It follows that ϕ is equivalent to □k ρ1 ∧ ... ∧ □k ρn, which is a conjunction of clauses since the □k ρi are all clauses.

Finally, we consider ϕ = ◇k ψ1. Using the induction hypothesis, we have ϕ ≡ ◇k (ρ1 ∧ ... ∧ ρn) for clauses ρi. But since the ρi are clauses, each ρi is a disjunction of literals l_{i,1} ∨ ... ∨ l_{i,p_i}. After distributing ∧ over ∨ and ∨ over ◇, we find that ϕ is equivalent to the formula

$$\bigvee_{(j_1,\ldots,j_n) \in \{1,\ldots,p_1\} \times \cdots \times \{1,\ldots,p_n\}} \Diamond_k (l_{1,j_1} \wedge l_{2,j_2} \wedge \ldots \wedge l_{n,j_n})$$

which is a clause with respect to D5.

The proof that every formula is equivalent to a disjunction of terms with respect

to D5 proceeds analogously.
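The case analysis of this proof is in effect a rewriting procedure. As an added example (not code from the thesis), the Python sketch below rewrites an NNF formula into a list of D5-clauses following the four induction cases, checks the output against the D5 grammar, and compares truth values on all two-world Kripke models for one agent as a sanity check rather than a proof. The tuple encoding and all function names are assumptions of this example.

```python
from functools import reduce
from itertools import product

# Added example. NNF formulae as nested tuples (encoding assumed here):
#   ("top",) ("bot",) ("var", "a") ("not", ("var", "a"))
#   ("and", f, g) ("or", f, g) ("box", k, f) ("dia", k, f)

def disjuncts(c):
    """Flatten a clause l1 ∨ ... ∨ lp into the list of its literals."""
    return disjuncts(c[1]) + disjuncts(c[2]) if c[0] == "or" else [c]

def join(op, parts):
    """Fold a non-empty list into a left-nested conjunction or disjunction."""
    return reduce(lambda x, y: (op, x, y), parts)

def d5_cnf(f):
    """Return D5-clauses whose conjunction is equivalent to the NNF formula f."""
    op = f[0]
    if op == "and":                      # concatenate the two clause lists
        return d5_cnf(f[1]) + d5_cnf(f[2])
    if op == "or":                       # distribute ∨ over the two conjunctions
        return [("or", r, z) for r in d5_cnf(f[1]) for z in d5_cnf(f[2])]
    if op == "box":                      # □k distributes over ∧
        return [("box", f[1], r) for r in d5_cnf(f[2])]
    if op == "dia":                      # one ◇k-term per tuple (j1,...,jn): p1*...*pn disjuncts
        choices = product(*(disjuncts(r) for r in d5_cnf(f[2])))
        return [join("or", [("dia", f[1], join("and", list(ch))) for ch in choices])]
    return [f]                           # ⊤, ⊥, a, ¬a are clauses already

def is_d5(f, kind):
    """Membership in the D5 grammar; kind is 'L', 'C' or 'T'."""
    op = f[0]
    if op in ("top", "bot", "var") or (op == "not" and f[1][0] == "var"):
        return True
    if op == "box":                      # □i C is a literal
        return is_d5(f[2], "C")
    if op == "dia":                      # ◇i T is a literal
        return is_d5(f[2], "T")
    if op == "or":
        return kind == "C" and is_d5(f[1], "C") and is_d5(f[2], "C")
    if op == "and":
        return kind == "T" and is_d5(f[1], "T") and is_d5(f[2], "T")
    return False

def holds(model, w, f):
    """Truth of f at world w; model = (rel, val), rel[k] a set of edges, val[w] a set of variables."""
    rel, val = model
    op = f[0]
    if op == "top":
        return True
    if op == "bot":
        return False
    if op == "var":
        return f[1] in val[w]
    if op == "not":
        return not holds(model, w, f[1])
    if op == "and":
        return holds(model, w, f[1]) and holds(model, w, f[2])
    if op == "or":
        return holds(model, w, f[1]) or holds(model, w, f[2])
    succ = [v for (u, v) in rel.get(f[1], ()) if u == w]
    if op == "box":
        return all(holds(model, v, f[2]) for v in succ)
    return any(holds(model, v, f[2]) for v in succ)

def small_models(variables, agent=1):
    """All Kripke models on the worlds {0, 1} for a single agent."""
    edges = [(u, v) for u in (0, 1) for v in (0, 1)]
    n = len(variables)
    for r in range(1 << len(edges)):
        rel = {agent: {e for k, e in enumerate(edges) if r >> k & 1}}
        for bits in product([False, True], repeat=2 * n):
            val = {w: {x for k, x in enumerate(variables) if bits[w * n + k]} for w in (0, 1)}
            yield rel, val

def same_on_small_models(f, clauses, variables):
    """True if f and the conjunction of clauses agree at every world of every small model."""
    return all(holds(m, w, f) == all(holds(m, w, c) for c in clauses)
               for m in small_models(variables) for w in (0, 1))

# Constructed sample inputs: ◇1((a ∨ □1 b) ∧ (c ∨ ¬a)) and □1(a ∧ (b ∨ c))
A, B, C = ("var", "a"), ("var", "b"), ("var", "c")
EX_DIA = ("dia", 1, ("and", ("or", A, ("box", 1, B)), ("or", C, ("not", A))))
EX_BOX = ("box", 1, ("and", A, ("or", B, C)))
```

The ◇ case is where the size can grow exponentially, since it produces one disjunct per tuple of literals chosen from the n clauses.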

Theorem 3.1.15.

Definition D5 satisfies properties P1, P3-P6, and it falsifies P2 and P7.

Proof. Properties P1-P3 can be verified by inspection of definition D5. We omit the proof for P4 as it is quite similar to (but more tedious than) the proof for D4. Property P5 was proven in Lemma 3.1.14, and for property P6 we again use the fact that the membership problem for context-free grammars is tractable. For property P7, we can show that entailment between clauses or terms is Pspace-complete by using exactly the same proof as was given for D3a (see Lemma 3.1.9). This proof is applicable to D5 since the formula f′(β) which was used to encode instances of QBF is also a conjunction of clauses with respect to D5.

Finally, we close this subsection by showing that the sets of clauses and terms with respect to D5 are properly included in the sets of clauses and terms for definition D3b. We require this result in order to transfer our proof of property P5 to definition D3b.

Theorem 3.1.16.

Every clause (resp. term) with respect to D5 is a clause (resp. term) with respect

to definition D3b.

Proof. We will show by induction on the structural complexity of formulae that:

1. every clause C with respect to D5 is a clause with respect to definition D3b

2. every term T with respect to D5 is a term with respect to definition D3b

and a conjunction of clauses with respect to D3b

We require this stronger formulation of the statement to prove some of the sub-cases.

The base case for our induction is propositional literals, which are both clauses and terms with respect to D5. It is easy to see that (1) and (2) are verified since propositional literals are both clauses and terms with respect to definition D3b (and hence they are also conjunctions of clauses with respect to D3b).

For the induction step, we will show that the above statements hold for arbitrary

clauses or terms w.r.t. D5 under the assumption that the statements hold for all

of their proper sub-clauses and sub-terms.

We begin with clauses. Let C be a D5-clause such that all proper sub-clauses

and sub-terms of C satisfy (1) and (2). Now since C is a clause with respect to

D5, it can either be a propositional literal or a formula of the form C1 ∨ C2 for

clauses C1 and C2, 2k C1 for some clause C1, or 3k T1 for some term T1. The case

where C is a propositional literal has already been treated in the base case. Let

us thus consider the case where C = C1 ∨ C2. By the induction hypothesis both

C1 and C2 are clauses with respect to definition D3b and for definition D3b the

disjunction of two clauses is a clause, so statement (1) is verified. We next consider

the case where C = 2k C1 for some clause C1 with respect to D5. Statement (1)

follows easily as we know that C1 must also be a clause with respect to D3b, and

for definition D3b putting a 2 modality before a clause yields another clause. We

now suppose that C = 3k T1 for some term T1 with respect to D5. We know from

the induction hypothesis that T1 is a conjunction of clauses with respect to D3b

and hence that 3k T1 is a clause with respect to D3b.

We next consider terms. Let T be a D5-term such that all proper sub-clauses

and sub-terms of T satisfy (1) and (2). Then T must be either a propositional

literal or a formula of the form T1 ∧ T2 for terms T1 and T2, 2k C1 for some clause

C1, or 3k T1 for some term T1. If T = T1 ∧T2, then the first part of (2) holds since

we know T1 and T2 to be terms with respect to D3b, and conjunctions of terms are

Page 90: THESEthesesups.ups-tlse.fr/923/1/Garner-Bienvenu_Meghyn.pdf · de minimisation de Quine-McCluskey [McC56] commence par calculer l’intégra-lité des implicants/impliqués premiers

76 3.1. Defining Clauses and Terms in Kn

also terms for definition D3b. The second half is also verified since both T1 and T2

are assumed to be conjunctions of clauses with respect to D3b, which means that

T is also a conjunction of clauses with respect to this definition. Next suppose that

T = □_k C1. Since C1 is known to be a clause with respect to D3b, the formula

□_k C1 is a literal, and hence both a term and clause with respect to definition D3b.

Finally, we treat the case where T = ◇_k T1. We use the assumption that T1 is

a conjunction of clauses with respect to D3b, from which we get that ◇_k T1 is a

literal, and hence both a term and a clause with respect to D3b.

3.1.3 Summary and discussion

A summary of our analysis of the different definitions with respect to properties

P1-P7 is provided in Figure 3.2.

      D1    D2    D3a   D3b   D4    D5
P1    yes   yes   yes   yes   yes   yes
P2    yes   yes   no    no    no    no
P3    no    yes   no    yes   yes   yes
P4    yes   yes   yes   no    yes   yes
P5    no    no    yes   yes   yes   yes
P6    yes   yes   yes   yes   yes   yes
P7    no (NP-complete)    no (Pspace-complete)

Figure 3.2: Properties of candidate definitions of literals, clauses, and terms.

Deciding between different candidate definitions is of course more complicated

than counting up the number of properties that the definitions satisfy, the simple

reason being that some properties are more important than others. Take for instance

property P5 which requires clauses and terms to be expressive enough to

represent all of the formulae in Kn. If we just use the standard propositional definition

of clauses and terms (thereby disregarding the modal operators), then we

find that it satisfies every property except P5, and hence more properties than any

of the definitions considered in this section, and yet we would be hard-pressed to

find someone who considers the propositional definition an appropriate definition

for Kn. This demonstrates that expressiveness is a particularly important property,

so important in fact that we should be willing to sacrifice properties P2 and P7 to

keep it. Among the definitions that satisfy P5, we prefer definitions D4 and D5

to definitions D3a and D3b, as the latter definitions have less in common with the

propositional definition and present no advantages over D4 and D5.


Of course, when it comes down to it, the choice of a definition must depend on

the particular application in mind. There may very well be circumstances in which

a less expressive or less elegant definition may prove to be the most suitable. In

this thesis, we are using clauses and terms to define prime implicates and prime

implicants, so for us the most important criteria for choosing a definition will be the

quality of the notions of prime implicates and prime implicants that the definition

induces.

3.2 Defining Prime Implicates and Prime Implicants in Kn

In the previous section, we introduced a number of different possible definitions

of clauses and terms in Kn. Each of these definitions gives rise to corresponding

notions of prime implicates and prime implicants. The objective of the present

section will be to evaluate to what extent the notions of prime implicates and

prime implicants induced by the various definitions are suitable generalizations of

the propositional notions.

3.2.1 Basic definitions

Once a definition of clauses and terms for Kn has been fixed, prime implicates

and prime implicants can be defined in exactly the same manner as in propositional

logic:

Definition 3.2.1.

A clause λ is an implicate of a formula ϕ if and only if ϕ |= λ. A clause λ is a

prime implicate of ϕ if and only if:

1. λ is an implicate of ϕ

2. If λ′ is an implicate of ϕ such that λ′ |= λ, then λ |= λ′

Definition 3.2.2.

A term κ is an implicant of the formula ϕ if and only if κ |= ϕ. A term κ is a prime

implicant of ϕ if and only if:

1. κ is an implicant of ϕ

2. If κ′ is an implicant of ϕ such that κ |= κ′, then κ′ |= κ

Of course, the quality of the notion of prime implicate (resp. implicant) that we

get will be determined by the definition of clause (resp. term) that we have chosen.


3.2.2 Desirable properties

Our evaluation of the different notions of prime implicates and prime implicants

in Kn will be based on the following set of well-known properties of the propositional

notions (cf. [Mar00]):

Finiteness The number of prime implicates (resp. prime implicants) of a formula

is finite modulo logical equivalence.

Covering Every implicate of a formula is entailed by some prime implicate of the

formula. Similarly, every implicant of a formula entails some prime implicant

of the formula.

Equivalence A model M is a model of ϕ if and only if M is a model of all the prime

implicates of ϕ if and only if M is a model of at least one prime implicant of

ϕ.²

Implicant-Implicate Duality Every prime implicant of a formula is equivalent

to the negation of some prime implicate of the negated formula. Conversely,

every prime implicate of a formula is equivalent to the negation of a prime

implicant of the negated formula.

Distribution If λ is a prime implicate of ϕ1 ∨ ... ∨ ϕn, then there exist prime

implicates λ1, ..., λn of ϕ1, ..., ϕn such that λ ≡ λ1 ∨ ... ∨ λn. Likewise, if κ

is a prime implicant of ϕ1 ∧ ... ∧ ϕn, then there exist prime implicants κ1, ...,

κn of ϕ1, ..., ϕn such that κ ≡ κ1 ∧ ... ∧ κn.

Finiteness ensures that the prime implicates/implicants of a formula can be

finitely represented, which is of course essential if we aim to use prime implicates/implicants

in applications. The Covering property requires that the prime

implicates provide a complete representation of the formula’s implicates (and similarly

for implicants), a crucial property when one uses these notions for knowledge

compilation. Equivalence guarantees that no information is lost in replacing a formula

by its prime implicates/implicants. Definitions which satisfy Finiteness and

Covering also satisfy Equivalence, but the converse does not necessarily hold.

Implicant-Implicate Duality allows us to transfer results and algorithms for

prime implicates to prime implicants, and vice-versa. Finally, Distribution relates

the prime implicates/implicants of a formula to the prime implicates/implicants of

its sub-formulae. This property will play a key role in the prime implicate generation

algorithm presented in the next chapter.

2. The property Equivalence is more commonly taken to mean that a formula is equivalent

to the conjunction of its prime implicates and the disjunction of its prime implicants. We have

chosen a model-theoretic formulation in order to allow for the possibility that the set of prime

implicates/implicants is infinite.


3.2.3 Analysis of candidate definitions

In this subsection, we evaluate the notions of prime implicates and prime implicants

induced by each of the different candidate definitions of clauses and terms

using the criteria set forth in the previous subsection. Our results will show that

definition D4 yields a notion of prime implicates and prime implicants which satisfy

all of the stated criteria, and moreover, that it is the only candidate definition with

this property.

Analysis of definitions D1 and D2

For definitions D1 and D2, we show that Equivalence does not hold.

Theorem 3.2.3.

The notions of prime implicates and prime implicants induced by definitions D1

and D2 do not satisfy Equivalence.

Proof. The proof is the same for both definitions. Suppose that Equivalence

holds. Then for every formula ϕ, the set Π of prime implicates of ϕ is equivalent to

ϕ. But this means that the set Π∪{¬ϕ} is inconsistent, and hence by compactness

of Kn (Theorem 2.7.3) that there is some finite subset S ⊆ Π ∪ {¬ϕ} which is

inconsistent. If ϕ ≢ ⊥, then we know that the set S must contain ¬ϕ because

the set of prime implicates of ϕ cannot be inconsistent. But then the conjunction

of elements in S \ {¬ϕ} is a conjunction of clauses which is equivalent to ϕ. It

follows that every formula ϕ is equivalent to some conjunction of clauses. As we

have shown earlier in the proof of Theorem 3.1.1 that there are formulae which are

not equivalent to a conjunction of clauses with respect to D1 or D2, it follows that

Equivalence cannot hold for these definitions.

Analysis of definitions D3a, D3b, and D5

For definitions D3a, D3b, and D5, we will show that the clause □(◇^k a) ∨

◇(a ∧ b ∧ □^k ¬a) is a prime implicate of □(a ∧ b) for every k ≥ 1. We thereby

demonstrate not only that these definitions admit formulae with infinitely many

prime implicates but also that they allow seemingly irrelevant clauses to be counted

as prime implicates. This gives us strong grounds for dismissing these definitions

as much of the utility of prime implicates in applications comes from their ability

to eliminate such irrelevant consequences.

Theorem 3.2.4.

The notions of prime implicates and prime implicants induced by definitions D3a,

D3b, and D5 do not satisfy Finiteness.


Proof. Suppose that clauses are defined with respect to definition D3a, D3b, or D5

(the proof is the same for all three definitions). Consider the formula ϕ = □(a ∧ b).

It follows from Theorem 2.3.3 that ϕ implies λk = □(◇^k a) ∨ ◇(a ∧ b ∧ □^k ¬a) for every

k ≥ 1. As the formulae λk are clauses (with respect to D3a, D3b, and D5), the

λk are all implicates of ϕ. To complete the proof, we show that every λk is a prime

implicate of ϕ. Since the λk are mutually non-equivalent (because □^p ¬a ⊭ □^q ¬a

whenever p ≠ q), it follows that ϕ has infinitely many prime implicates modulo

equivalence.

Consider some λk and some implicate µ = ◇ψ1 ∨ ... ∨ ◇ψm ∨ □χ1 ∨ ... ∨ □χn of ϕ

that implies it (by Theorem 2.3.2 there cannot be any propositional literals in µ).

Using Theorem 2.3.3 and the fact that ϕ |= µ |= λk, we get the following:

(a) a ∧ b |= χi ∨ ψ1 ∨ ... ∨ ψm for some χi

(b) χi |= (◇^k a) ∨ (a ∧ b ∧ □^k ¬a) for every χi

(c) ψ1 ∨ ... ∨ ψm |= a ∧ b ∧ □^k ¬a

Let χi be such that a ∧ b |= χi ∨ ψ1 ∨ ... ∨ ψm. We remark that χi must be satisfiable

since otherwise we can combine (a) and (c) to get a ∧ b |= a ∧ b ∧ □^k ¬a. Now by (b),

we know that χi |= (◇^k a) ∨ (a ∧ b ∧ □^k ¬a) and hence that χi ∧ (□^k ¬a) ∧ (¬a ∨ ¬b ∨ ◇^k a)

is inconsistent. It follows that both χi ∧ (□^k ¬a) ∧ ¬a and χi ∧ (□^k ¬a) ∧ ¬b are

inconsistent. Using Theorem 2.3.1, we find that either χi |= ◇^k a or χi |= a ∧ b. As

χi is a satisfiable clause with respect to definitions D3a, D3b, and D5, it cannot

imply a ∧ b, so we must have χi |= ◇^k a. By putting (a) and (c) together, we find

that

a ∧ b ∧ ¬χi |= ψ1 ∨ ... ∨ ψm |= a ∧ b ∧ □^k ¬a

It follows that ¬χi |= □^k ¬a, i.e. ◇^k a |= χi. We thus have χi ≡ ◇^k a and ψ1 ∨ ... ∨

ψm ≡ a ∧ b ∧ □^k ¬a. As ◇^k a |= χi and a ∧ b ∧ □^k ¬a |= ψ1 ∨ ... ∨ ψm, by Theorem

2.3.3 we get □(◇^k a) ∨ ◇(a ∧ b ∧ □^k ¬a) |= □χi ∨ ◇ψ1 ∨ ... ∨ ◇ψm |= µ and hence

λk ≡ µ. We have thus shown that any implicate of ϕ which implies λk must be

equivalent to λk. This means that each λk is a prime implicate of ϕ, completing

the proof.

Analysis of definition D4

We will now show that the notions of prime implicates and prime implicants

induced by definition D4 satisfy all of the desired properties. We start off by

proving that Implicant-Implicate Duality holds, as we will make use of this

result in the proofs of some of the other properties.


Theorem 3.2.5.

The notions of prime implicates and prime implicants induced by definition D4

satisfy Implicant-Implicate Duality.

Proof. Suppose for a contradiction that we have a prime implicant κ of some formula

ϕ which is not equivalent to the negation of a prime implicate of ¬ϕ. Let λ be a

clause which is equivalent to ¬κ (there must exist such a clause because of property

P4, cf. Theorem 3.1.13). The clause λ is an implicate of ¬ϕ since κ |= ϕ and λ ≡ ¬κ.

Since we have assumed that λ is not a prime implicate, there must be some implicate

λ′ of ¬ϕ such that λ′ |= λ and λ ⊭ λ′. But then let κ′ be a term equivalent to

¬λ′ (here again we use P4). Now κ′ must be an implicant of ϕ since ¬ϕ |= ¬κ′.

Moreover, κ′ is strictly weaker than κ since λ′ |= λ and λ ⊭ λ′ and κ ≡ ¬λ and

κ′ ≡ ¬λ′. But this means that κ cannot be a prime implicant, contradicting our

earlier assumption. Hence, we can conclude that every prime implicant of a formula

ϕ is equivalent to the negation of some prime implicate of ¬ϕ. The proof that every

prime implicate of a formula ϕ is equivalent to the negation of a prime implicant

of ¬ϕ proceeds analogously.

For the proofs of Finiteness and Covering, we will require the following lemma

which allows us to restrict our attention to those implicates/implicants of a formula

whose depths are no greater than that of the formula and whose signatures are

contained in the signature of the formula.

Lemma 3.2.6.

Every implicate λ (w.r.t. definition D4) of a formula ϕ is entailed by some implicate

λ′ (w.r.t. definition D4) of ϕ with sig(λ′) ⊆ sig(ϕ) and with depth at most δ(ϕ).

Likewise every implicant κ (w.r.t. definition D4) of ϕ entails an implicant κ′ (w.r.t.

definition D4) of ϕ with sig(κ′) ⊆ sig(ϕ) and depth at most δ(ϕ).

Proof. We intend to show that the following statement holds: for any formula ϕ

and any implicate λ of ϕ, there exists a clause λ′ such that ϕ |= λ′ |= λ and

sig(λ′) ⊆ sig(ϕ) and δ(λ′) ≤ δ(ϕ). So let ϕ be an arbitrary formula, and let λ be

some implicate of ϕ. If ϕ is a tautology, then we can set λ′ = ⊤. If λ ≡ ⊥, then

we can set λ′ = ⊥, as this clause verifies all of the necessary conditions. Now we

consider the case where neither ϕ nor λ is a tautology or a falsehood, and we show

how to construct the clause λ′. The first thing we do is use the transformation Dnf

from Chapter 2 to rewrite ϕ as a disjunction of terms Ti with respect to D4 such

that the Ti contain only the variables appearing in ϕ and have depth at most δ(ϕ):

ϕ ≡ T1 ∨ ... ∨ Tz


As ϕ |= λ, it must be the case that Ts |= λ for every Ts (1 ≤ s ≤ z). Our

aim is to find a clause λs for each of the terms Ts such that Ts |= λs |= λ and

sig(λs) ⊆ sig(Ts) and δ(λs) ≤ δ(Ts). So consider some Ts. Since Ts is a term, it

has the form

γ1 ∧ ... ∧ γk ∧ ⋀_{i=1..n} (◇_i ψi,1 ∧ ... ∧ ◇_i ψi,li ∧ □_i χi,1 ∧ ... ∧ □_i χi,mi)

where γ1, ..., γk are propositional literals. As λ is a clause, it must be of the form

ρ1 ∨ ... ∨ ρp ∨ ⋁_{i=1..n} (◇_i εi,1 ∨ ... ∨ ◇_i εi,qi ∨ □_i ζi,1 ∨ ... ∨ □_i ζi,ri)

where ρ1, ..., ρp are propositional literals. As Ts |= λ, it must be the case that the

formula

γ1 ∧ ... ∧ γk ∧ ⋀_{i=1..n} (◇_i ψi,1 ∧ ... ∧ ◇_i ψi,li ∧ □_i χi,1 ∧ ... ∧ □_i χi,mi) ∧

¬ρ1 ∧ ... ∧ ¬ρp ∧ ⋀_{i=1..n} (□_i ¬εi,1 ∧ ... ∧ □_i ¬εi,qi ∧ ◇_i ¬ζi,1 ∧ ... ∧ ◇_i ¬ζi,ri)

is unsatisfiable. It follows from Theorem 2.3.1 that one of the following must hold:

(a) γ1 ∧ ... ∧ γk ∧ ¬ρ1 ∧ ... ∧ ¬ρp |= ⊥

(b) there exists some 1 ≤ i ≤ n and some 1 ≤ u ≤ li such that

ψi,u ∧ χi,1 ∧ ... ∧ χi,mi ∧ ¬εi,1 ∧ ... ∧ ¬εi,qi |= ⊥

(c) there exists some 1 ≤ i ≤ n and some 1 ≤ u ≤ ri such that

¬ζi,u ∧ χi,1 ∧ ... ∧ χi,mi ∧ ¬εi,1 ∧ ... ∧ ¬εi,qi |= ⊥

Now if (a) holds, then there must be u and v such that γu = ρv. We can then set

λs = γu since Ts |= γu |= λ, δ(γu) = 0 ≤ δ(Ts), and sig(γu) = {γu} ⊆ sig(Ts). If it

is (b) that holds, then it must be the case that

ψi,u ∧ χi,1 ∧ ... ∧ χi,mi |= εi,1 ∨ ... ∨ εi,qi

and hence that

◇_i (ψi,u ∧ χi,1 ∧ ... ∧ χi,mi) |= ◇_i εi,1 ∨ ... ∨ ◇_i εi,qi |= λ

We can set λs = ◇_i (ψi,u ∧ χi,1 ∧ ... ∧ χi,mi), since Ts |= ◇_i (ψi,u ∧ χi,1 ∧ ... ∧ χi,mi) |= λ,

δ(◇_i (ψi,u ∧ χi,1 ∧ ... ∧ χi,mi)) ≤ δ(Ts), and sig(◇_i (ψi,u ∧ χi,1 ∧ ... ∧ χi,mi)) ⊆ sig(Ts).

Finally, if (c) holds, then it must be the case that

χi,1 ∧ ... ∧ χi,mi |= εi,1 ∨ ... ∨ εi,qi ∨ ζi,u

and hence that

□_i (χi,1 ∧ ... ∧ χi,mi) |= ◇_i εi,1 ∨ ... ∨ ◇_i εi,qi ∨ □_i ζi,u |= λ


So we can set λs = □_i (χi,1 ∧ ... ∧ χi,mi), as Ts |= □_i (χi,1 ∧ ... ∧ χi,mi) |= λ,

δ(□_i (χi,1 ∧ ... ∧ χi,mi)) ≤ δ(Ts), and sig(□_i (χi,1 ∧ ... ∧ χi,mi)) ⊆ sig(Ts). Thus, we have shown

that for every Ts, there is some λs such that Ts |= λs |= λ and sig(λs) ⊆ sig(Ts) and

δ(λs) ≤ δ(Ts). But then λ1 ∨ ... ∨ λz is a clause implied by every Ts, and hence by

ϕ, and such that sig(λs) ⊆ ⋃_{s=1..z} sig(Ts) ⊆ sig(ϕ) and δ(λs) ≤ max_s δ(Ts) ≤ δ(ϕ).

Now let κ be an implicant of ϕ, and let λ be the formula Nnf(¬κ). We know

from Theorem 2.4.2 that λ ≡ ¬κ, and it is straightforward to show that λ must be

a clause with respect to D4. But then λ is an implicate of ¬ϕ, so there must be

some clause λ′ with sig(λ′) ⊆ sig(¬ϕ) = sig(ϕ) and depth at most δ(¬ϕ) = δ(ϕ)

such that ¬ϕ |= λ′ |= λ. Let κ′ be Nnf(¬λ′). It can be easily verified that κ′ is a

term. Moreover, by Theorem 2.4.2, we have κ′ ≡ ¬λ′, sig(κ′) = sig(¬λ′) = sig(λ′),

and δ(κ′) = δ(¬λ′) = δ(λ′). But then κ′ is a term such that sig(κ′) ⊆ sig(ϕ),

δ(κ′) ≤ δ(ϕ), and κ |= κ′ |= ϕ.

Theorem 3.2.7.

The notions of prime implicates and prime implicants induced by definition D4

satisfy Finiteness.

Proof. Consider an arbitrary formula ϕ. From Lemma 3.2.6, we know that for each

prime implicate λ of ϕ, there must be an implicate λ′ of ϕ containing only those

propositional atoms and modal operators appearing in ϕ and such that δ(λ′) ≤ δ(ϕ)

and λ′ |= λ. But since λ is a prime implicate, we must also have λ |= λ′ and hence

λ ≡ λ′. Thus, every prime implicate of ϕ is equivalent to some clause built from the

finite set of propositional symbols and modal operators appearing in ϕ and having

depth at most δ(ϕ). As there are only finitely many non-equivalent formulae on

a finite alphabet and with fixed depth, it follows that there can be only finitely

many distinct prime implicates. By Theorem 3.2.5, every prime implicant of ϕ is

equivalent to the negation of some prime implicate of ¬ϕ. It follows then that every

formula can only have finitely many distinct prime implicants.

Theorem 3.2.8.

The notions of prime implicates and prime implicants induced by definition D4

satisfy Covering.

Proof. Let ϕ be an arbitrary formula. From Lemma 3.2.6, we know that every

implicate of ϕ is entailed by some implicate of ϕ whose signature is contained in

sig(ϕ) and whose depth is at most δ(ϕ). Now consider the following set

Σ = {σ | ϕ |= σ, σ is a clause, sig(σ) ⊆ sig(ϕ), δ(σ) ≤ δ(ϕ)}


and define another set Π from Σ as follows:

Π = {σ ∈ Σ | ∄σ′ ∈ Σ. σ′ |= σ and σ ⊭ σ′}

In other words, Π is the set of all of the logically strongest implicates of ϕ having

depth at most δ(ϕ) and built from the propositional letters and modal operators

in ϕ. We claim the following:

(1) every π ∈ Π is a prime implicate of ϕ

(2) for every implicate λ of ϕ, there is some π ∈ Π such that π |= λ

We begin by proving (1). Suppose that (1) does not hold, that is, that there is some

π ∈ Π which is not a prime implicate of ϕ. Since π is by definition an implicate

of ϕ, it follows that there must be some implicate λ of ϕ such that λ |= π and

π ⊭ λ. But by Lemma 3.2.6, there is some implicate λ′ of ϕ such that δ(λ′) ≤ δ(ϕ),

sig(λ′) ⊆ sig(ϕ), and λ′ |= λ. But that means that λ′ is an element of Σ which

implies but is not implied by π, contradicting the assumption that π is in Π. We

can thus conclude that every element of Π must be a prime implicate of ϕ.

For (2): let λ be some implicate of ϕ. Then by Lemma 3.2.6, there exists some

clause λ′ ∈ Σ such that λ′ |= λ. If λ′ ∈ Π, we are done. Otherwise, there must exist

some σ ∈ Σ such that σ |= λ′ and λ′ ⊭ σ. If σ ∈ Π, we are done, otherwise, we

find another stronger member of Σ. But as Σ has finitely many elements modulo

equivalence, after a finite number of steps, we will find some element which is

in Π and which implies λ. Since we have just seen that all members of Π are

prime implicates of ϕ, it follows that every implicate of ϕ is implied by some prime

implicate of ϕ.

For the second part of Covering, let κ be an implicant of ϕ, and let λ be a

clause equivalent to ¬κ (there must be one because D4 satisfies property P4). Now

since κ |= ϕ, we must also have ¬ϕ |= λ. According to what we have just shown,

there must be some prime implicate π of ¬ϕ such that ¬ϕ |= π |= λ. By Theorem

3.2.5, π must be equivalent to the negation of some prime implicant ρ of ϕ. But

since ρ ≡ ¬π and π |= λ and λ ≡ ¬κ, it follows that κ |= ρ, completing the proof.

We now prove that Equivalence is satisfied.

Theorem 3.2.9.

The notions of prime implicates and prime implicants induced by D4 satisfy

Equivalence.

Proof. Let ϕ be some formula in K, and suppose that M is a model of every prime

implicate of ϕ. As D4 is known to satisfy property P5 (by Theorem 3.1.13), we

can find a conjunction of clauses which is equivalent to ϕ. By Covering (Theorem


3.2.8), each of these clauses is implied by some prime implicate of ϕ, so M must be

a model of each of these clauses. It follows that M is a model of ϕ. For the other

direction, we simply note that by the definition of prime implicates if M is a model

of ϕ, then it must also be a model of every prime implicate of ϕ. We have thus

shown that M is a model of ϕ if and only if it is a model of every prime implicate

of ϕ. Using a similar argument, we can show that M is a model of ϕ if and only if

it is a model of some prime implicant of ϕ.

Finally, we show that Distribution holds.

Theorem 3.2.10.

The notions of prime implicates and prime implicants induced by definition D4

satisfy Distribution.

Proof. Let λ be a prime implicate of ϕ1 ∨ ... ∨ ϕm. Now for each ϕi, we must have

ϕi |= λ. From Covering (Theorem 3.2.8), we know that there must exist some

prime implicate λi for each ϕi such that λi |= λ. This means that the formula

λ1 ∨ ...∨ λm (which is a clause because it is a disjunction of clauses) entails λ. But

since λ is a prime implicate, it must also be the case that λ |= λ1 ∨ ... ∨ λm, and

hence λ ≡ λ1 ∨ ... ∨ λm. The proof for prime implicants is entirely similar.

We close this subsubsection with some examples which illustrate the notions of

prime implicates and prime implicants that one obtains from definition D4.

Example 3.2.11.

Consider the following formula ϕ

(a ∨ b) ∧ □_1(¬b ∨ c) ∧ (b ∨ ◇_1 b) ∧ ◇_2 a ∧ ◇_2 e

∧ □_2(b ∧ (a ∨ c)) ∧ □_2 d

The prime implicates of ϕ w.r.t. definition D4 are:

a ∨ b, □_1(¬b ∨ c), b ∨ ◇_1(b ∧ c), ◇_2(a ∧ b ∧ d), ◇_2((a ∨ c) ∧ b ∧ d ∧ e), and

□_2((a ∨ c) ∧ b ∧ d)

plus all clauses equivalent to one of the clauses in this list.

The next example demonstrates how we can leverage the Distribution property

to help compute prime implicates:

Example 3.2.12.

Let us now consider the NNF of the negation of the formula ϕ from the previous

example:


(¬a ∧ ¬b) ∨ ◇_1(b ∧ ¬c) ∨ (¬b ∧ □_1 ¬b) ∨ □_2 ¬a ∨ □_2 ¬e

∨ ◇_2(¬b ∨ (¬a ∧ ¬c)) ∨ ◇_2 ¬d

We know from the Distribution property that the prime implicates of this dis-

junction w.r.t. definition D4 are just the logically strongest disjunctions of prime

implicates of the disjuncts. Thus, in order to calculate this formula’s prime implicates,

we simply need to compute the prime implicates of each of the disjuncts,

form the different possible disjunctions, and eliminate weaker elements. All but

two of the disjuncts are literals (and hence their own prime implicates), so we only

need to compute the prime implicates of the first disjunct (which are ¬a and ¬b)

and the third disjunct (yielding ¬b and □_1 ¬b). Then we construct the four possible

disjunctions of prime implicates, which are:

• ¬a ∨ ◇_1(b ∧ ¬c) ∨ ¬b ∨ □_2 ¬a ∨ □_2 ¬e ∨ ◇_2(¬b ∨ (¬a ∧ ¬c)) ∨ ◇_2 ¬d

• ¬b ∨ ◇_1(b ∧ ¬c) ∨ ¬b ∨ □_2 ¬a ∨ □_2 ¬e ∨ ◇_2(¬b ∨ (¬a ∧ ¬c)) ∨ ◇_2 ¬d

• ¬a ∨ ◇_1(b ∧ ¬c) ∨ □_1 ¬b ∨ □_2 ¬a ∨ □_2 ¬e ∨ ◇_2(¬b ∨ (¬a ∧ ¬c)) ∨ ◇_2 ¬d

• ¬b ∨ ◇_1(b ∧ ¬c) ∨ □_1 ¬b ∨ □_2 ¬a ∨ □_2 ¬e ∨ ◇_2(¬b ∨ (¬a ∧ ¬c)) ∨ ◇_2 ¬d

The first clause is logically weaker than the second, so we eliminate it. The other

clauses are all mutually non-implying, so they are all prime implicates of ¬ϕ. Moreover,

every prime implicate of ¬ϕ is equivalent to one of these three clauses.

Our final example shows how the Implicate-Implicant Duality can be used

to generate prime implicants from prime implicates:

Example 3.2.13.

Let ϕ be as defined in Example 3.2.11. By the Implicate-Implicant Duality,

every prime implicant of ϕ is equivalent to the negation of some prime implicate

of ¬ϕ. As we have already computed the prime implicates of ¬ϕ in the previous

example, we just need to use the NNF transformation to rewrite the negations of

the prime implicates as terms. We obtain the following three terms:

• b ∧ □_1(¬b ∨ c) ∧ b ∧ ◇_2 a ∧ ◇_2 e ∧ □_2(b ∧ (a ∨ c)) ∧ □_2 d

• ¬a ∧ □_1(¬b ∨ c) ∧ ◇_1 b ∧ ◇_2 a ∧ ◇_2 e ∧ □_2(b ∧ (a ∨ c)) ∧ □_2 d

• b ∧ □_1(¬b ∨ c) ∧ ◇_1 b ∧ ◇_2 a ∧ ◇_2 e ∧ □_2(b ∧ (a ∨ c)) ∧ □_2 d

Conclusion

While the comparison in the first part of the chapter suggested that definition

D5 was at least as suitable as D4 as a definition of clauses and terms, the results

obtained in the second part of the chapter rule out D5 as a suitable definition for

prime implicates and prime implicants. In the following chapters, we will mainly

concentrate our attention on the notions of prime implicates and prime implicants


induced by definition D4, as these have been shown to be the most satisfactory

generalizations of the propositional case. From this point on, we will take the

words “clause”, “term”, and “prime implicate” to mean clause, term, and prime

implicate with respect to definition D4, except where explicitly stated otherwise.


4 Generating and Recognizing Prime Implicates

Now that we have selected an appropriate definition of prime implicates and prime

implicants for Kn, it is time to investigate the computational properties of these notions.

The first half of the chapter will be devoted to the study of prime implicate generation,

which is the main search problem related to prime implicates. In the second part of

the chapter, we will turn our attention to the main decision problem which is that of

determining whether a given clause is a prime implicate of a formula.

4.1 Prime Implicate Generation

In this section, we investigate the problem of generating the set of prime implicates

of a given formula. This task is important if we want to compile a formula

into its set of prime implicates. It is also useful when we want to produce abductive

explanations, since by Implicant-Implicate Duality (Theorem 3.2.5) any

algorithm for generating prime implicates can be straightforwardly adapted into an

algorithm for generating prime implicants.

4.1.1 Prime implicate generation in propositional logic

The development of methods for generating prime implicates in propositional

logic has been an area of active research, and there exist nowadays quite a large

number of different generation algorithms (see [Mar00] for an excellent survey). For the most part, these algorithms

can be classified into one of two approaches:

Resolution-based approach The first procedure for generating prime implicates

was introduced by Quine in [Qui55]. Quine’s algorithm transforms the input

formula into a set of clauses, and then iteratively performs resolution on pairs

of clauses until a fixpoint is reached, removing at each step any subsumed

clauses. Many improvements to this basic algorithm can be found in the

literature (cf. [Tis67], [KT90], [Jac92], [dK92], [del99], and [SdV01]). It

should be noted that resolution-based approaches to consequence finding also

exist for first-order logic (cf. e.g. [Ino92]).

Distribution-based approach Algorithms in this approach exploit in one manner

or another the property Distribution which characterizes the prime implicates

of a disjunction of formulae in terms of the prime implicates of the

disjuncts. Examples of algorithms of this type can be found in [SCL69],

[Soc91], [Nga93], [Cas96], [RBM97], and [SP99]. Most of these algorithms

involve a transformation of the input formula into disjunctive normal form, but

some methods (like the one in [RBM97]) can handle arbitrary formulae in

negation normal form. In contrast to the resolution-based approach, the

distribution-based approach cannot be lifted to first-order logic, which does

not satisfy Distribution.

The prime implicate generation algorithm we will propose in the next subsection

follows the distribution-based approach.
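
The resolution-based procedure described above (resolve pairs of clauses, discard subsumed clauses, stop at a fixpoint) can be checked against Definition 3.2.1 on a small propositional formula. The following Python code is an added example, not code from the thesis or from [Qui55]; the integer encoding of literals and the sample clause set are constructed for the illustration.

```python
from itertools import combinations, product

# Clauses are frozensets of non-zero ints: v stands for variable v, -v for its negation.

def is_tautology(clause):
    return any(-l in clause for l in clause)

def resolvents(c1, c2):
    """Non-tautological resolvents of two clauses."""
    out = set()
    for l in c1:
        if -l in c2:
            r = (c1 - {l}) | (c2 - {-l})
            if not is_tautology(r):
                out.add(r)
    return out

def drop_subsumed(clauses):
    """Remove every clause that has a proper subset (a stronger clause) in the set."""
    return {c for c in clauses if not any(d < c for d in clauses)}

def prime_implicates_resolution(cnf):
    """Resolve pairs and discard subsumed clauses until a fixpoint is reached."""
    clauses = drop_subsumed({frozenset(c) for c in cnf if not is_tautology(c)})
    while True:
        new = {r for c1, c2 in combinations(clauses, 2) for r in resolvents(c1, c2)}
        nxt = drop_subsumed(clauses | new)
        if nxt == clauses:
            return clauses
        clauses = nxt

def models(n):
    """All truth assignments to variables 1..n."""
    return [dict(zip(range(1, n + 1), bits))
            for bits in product([False, True], repeat=n)]

def holds(clause, m):
    return any(m[abs(l)] == (l > 0) for l in clause)

def prime_implicates_by_definition(cnf, n):
    """Definition 3.2.1 applied literally to all non-tautological clauses on n variables."""
    ms = [m for m in models(n) if all(holds(c, m) for c in cnf)]
    all_clauses = [frozenset(v * s for v, s in zip(range(1, n + 1), signs) if s)
                   for signs in product([0, 1, -1], repeat=n)]
    implicates = [c for c in all_clauses if all(holds(c, m) for m in ms)]

    def entails(c, d):
        return all(holds(d, m) for m in models(n) if holds(c, m))

    # λ is prime iff every implicate λ' with λ' |= λ also satisfies λ |= λ'
    return {c for c in implicates
            if all(entails(c, d) for d in implicates if entails(d, c))}

# Constructed sample: (a ∨ b) ∧ (¬b ∨ c) ∧ (¬a ∨ c ∨ d) with a=1, b=2, c=3, d=4.
SAMPLE_CNF = [{1, 2}, {-2, 3}, {-1, 3, 4}]

if __name__ == "__main__":
    for clause in sorted(prime_implicates_resolution(SAMPLE_CNF), key=sorted):
        print(sorted(clause))
```

Because distinct non-tautological propositional clauses are never equivalent, both functions return the same set of clauses rather than one representative per equivalence class.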

4.1.2 The algorithm GenPI

In Figure 4.1, we present the algorithm GenPI which computes the set of

prime implicates of a given Kn formula. The algorithm makes use of the procedure

Dnf(ϕ) which was introduced in Chapter 2.

The algorithm GenPI works as follows: in Step 1, we check whether ϕ is

unsatisfiable, outputting a contradictory clause if this is the case. For satisfiable ϕ,

we set 𝒯 equal to a set of terms whose disjunction is equivalent to ϕ. Because

of Distribution, we know that every prime implicate of ϕ is equivalent to some

disjunction of prime implicates of the terms in 𝒯. In Step 2, for each satisfiable

term T, we set ∆(T) equal to the propositional literal conjuncts of T (Prop(T))

plus the strongest □-formulae implied by T (B(T)) plus the strongest ◇-formulae

implied by T (D(T)). It is not too hard to see that every prime implicate of T

must be equivalent to one of the elements in ∆(T). This means that in Step 3

we are guaranteed that every prime implicate of the input formula is equivalent to

some candidate prime implicate in Candidates. During the comparison phase in

Page 105: THESEthesesups.ups-tlse.fr/923/1/Garner-Bienvenu_Meghyn.pdf · de minimisation de Quine-McCluskey [McC56] commence par calculer l’intégra-lité des implicants/impliqués premiers

4. Generating and Recognizing Prime Implicates 91

Algorithm 4.1 GenPI

Input: a formula ϕ

Output: a set of clauses

(1) If Sat(ϕ)=no, return ⊥. Otherwise, set T = Dnf(ϕ).

(2) For each T ∈ T such that Sat(T )=yes:

Initialize B(T ) and D(T ) to ∅

For each 1 ≤ i ≤ n:

If Boxi(T ) 6= ∅, then

B(T ) = B(T ) ∪ {2i

ψ∈Boxi(T ) ψ }

D(T ) = D(T ) ∪ {3i (γ ∧∧

ψ∈Boxi(T ) ψ) | γ ∈ Diami(T ) }

Else if Diami(T ) 6= ∅

D(T ) = D(T ) ∪ {3i γ | γ ∈ Diami(T ) }

Set ∆(T ) = Prop(T ) ∪B(T ) ∪D(T ).

(3) Set Candidates = {∨

T∈T θT | θT ∈ ∆(T )}.

(4) For each λj ∈ Candidates: remove the clause λj from Candidates if

Entails(λk, λj)=yes for some k < j, or if both Entails(λk, λj)=yes

and Entails(λj , λk)=no for some k > j.

(5) Return Candidates.

Step 4, non-prime candidates are eliminated, and exactly one prime implicate of

each equivalence class will be retained.

Example 4.1.1.

We run the algorithm GenPI on the formula ϕ = a ∧ ((◇_1(b ∧ c) ∧ ◇_1 b) ∨ (◇_1 b ∧ ◇_1(c ∨ d) ∧ □_1 e ∧ □_1 f)) ∧ □_2 ⊥.

Step 1: As ϕ is satisfiable, we call the function Dnf on ϕ, and it returns the two terms T_1 = a ∧ ◇_1(b ∧ c) ∧ ◇_1 b ∧ □_2 ⊥ and T_2 = a ∧ ◇_1 b ∧ ◇_1(c ∨ d) ∧ □_1 e ∧ □_1 f ∧ □_2 ⊥.

Step 2: We have Prop(T_1) = {a}, B(T_1) = {□_2 ⊥}, and D(T_1) = {◇_1(b ∧ c), ◇_1 b}, so we get

∆(T_1) = {a, □_2 ⊥, ◇_1(b ∧ c), ◇_1 b}

For T_2, we have Prop(T_2) = {a}, B(T_2) = {□_1(e ∧ f), □_2 ⊥}, and D(T_2) = {◇_1(b ∧ e ∧ f), ◇_1((c ∨ d) ∧ e ∧ f)}, giving us

∆(T_2) = {a, □_1(e ∧ f), □_2 ⊥, ◇_1(b ∧ e ∧ f), ◇_1((c ∨ d) ∧ e ∧ f)}

Step 3: The set Candidates will contain all of the different possible disjunctions of elements in ∆(T_1) with elements in ∆(T_2), of which there are 20: a ∨ a, a ∨ □_1(e ∧ f), a ∨ □_2 ⊥, a ∨ ◇_1(b ∧ e ∧ f), a ∨ ◇_1((c ∨ d) ∧ e ∧ f), □_2 ⊥ ∨ a, □_2 ⊥ ∨ □_1(e ∧ f), □_2 ⊥ ∨ □_2 ⊥, □_2 ⊥ ∨ ◇_1(b ∧ e ∧ f), □_2 ⊥ ∨ ◇_1((c ∨ d) ∧ e ∧ f), ◇_1(b ∧ c) ∨ a, ◇_1(b ∧ c) ∨ □_1(e ∧ f), ◇_1(b ∧ c) ∨ □_2 ⊥, ◇_1(b ∧ c) ∨ ◇_1(b ∧ e ∧ f), ◇_1(b ∧ c) ∨ ◇_1((c ∨ d) ∧ e ∧ f), ◇_1 b ∨ a, ◇_1 b ∨ □_1(e ∧ f), ◇_1 b ∨ □_2 ⊥, ◇_1 b ∨ ◇_1(b ∧ e ∧ f), and ◇_1 b ∨ ◇_1((c ∨ d) ∧ e ∧ f).

Step 4: We will remove from Candidates the clauses a ∨ □_1(e ∧ f), a ∨ □_2 ⊥, a ∨ ◇_1(b ∧ e ∧ f), a ∨ ◇_1((c ∨ d) ∧ e ∧ f), □_2 ⊥ ∨ a, ◇_1(b ∧ c) ∨ a, and ◇_1 b ∨ a since they are all strictly weaker than a ∨ a. We will also eliminate the clauses □_2 ⊥ ∨ □_1(e ∧ f), □_2 ⊥ ∨ ◇_1(b ∧ e ∧ f), □_2 ⊥ ∨ ◇_1((c ∨ d) ∧ e ∧ f), ◇_1(b ∧ c) ∨ □_2 ⊥, and ◇_1 b ∨ □_2 ⊥, since they are weaker than □_2 ⊥ ∨ □_2 ⊥. Finally we will remove the clauses ◇_1 b ∨ □_1(e ∧ f), ◇_1 b ∨ ◇_1(b ∧ e ∧ f), and ◇_1 b ∨ ◇_1((c ∨ d) ∧ e ∧ f) since these clauses are respectively weaker than the clauses ◇_1(b ∧ c) ∨ □_1(e ∧ f), ◇_1(b ∧ c) ∨ ◇_1(b ∧ e ∧ f) and ◇_1(b ∧ c) ∨ ◇_1((c ∨ d) ∧ e ∧ f).

Step 5: GenPI will return the five remaining clauses in Candidates, which are a ∨ a, □_2 ⊥ ∨ □_2 ⊥, ◇_1(b ∧ c) ∨ □_1(e ∧ f), ◇_1(b ∧ c) ∨ ◇_1(b ∧ e ∧ f), and ◇_1(b ∧ c) ∨ ◇_1((c ∨ d) ∧ e ∧ f).
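The five steps of GenPI, run on the formula of Example 4.1.1, as an added Python example that is not code from the thesis. The tuple encoding of formulae, the small tableau test `sat` (standing in for the procedures Sat and Entails) and the function `dnf` (standing in for Dnf from Chapter 2) are assumptions made for this illustration.

```python
from itertools import product

# NNF formulae of K_n as nested tuples (encoding chosen for this example):
#   ("lit", name, positive)  ("top",)  ("bot",)
#   ("and", f1, ...)  ("or", f1, ...)  ("box", i, f)  ("dia", i, f)

def neg(f):
    """Negate f, pushing the negation inward so the result stays in NNF."""
    tag = f[0]
    if tag == "lit":
        return ("lit", f[1], not f[2])
    if tag in ("top", "bot"):
        return ("bot",) if tag == "top" else ("top",)
    if tag in ("and", "or"):
        dual = "or" if tag == "and" else "and"
        return (dual,) + tuple(neg(g) for g in f[1:])
    return ("dia" if tag == "box" else "box", f[1], neg(f[2]))

def sat(formulas):
    """Tableau-style K_n satisfiability test for a conjunction of NNF formulae."""
    todo, atoms = list(formulas), []
    while todo:
        f = todo.pop()
        if f[0] == "bot":
            return False
        if f[0] == "and":
            todo.extend(f[1:])
        elif f[0] == "or":          # branch on each disjunct
            return any(sat(todo + atoms + [g]) for g in f[1:])
        elif f[0] != "top":
            atoms.append(f)
    lits = {(f[1], f[2]) for f in atoms if f[0] == "lit"}
    if any((name, not pos) in lits for name, pos in lits):
        return False
    # every diamond needs a successor that also satisfies all boxes of its index
    return all(sat([f[2]] + [g[2] for g in atoms if g[0] == "box" and g[1] == f[1]])
               for f in atoms if f[0] == "dia")

def entails(f, g):
    """Entails(f, g) = yes iff f AND NOT g is unsatisfiable."""
    return not sat([f, neg(g)])

def dnf(f):
    """Terms (tuples of literals) whose disjunction is equivalent to f.
    Distributes only outside modal operators; modal subformulae act as atoms."""
    if f[0] == "and":
        return [sum(parts, ()) for parts in product(*(dnf(g) for g in f[1:]))]
    if f[0] == "or":
        return [t for g in f[1:] for t in dnf(g)]
    return [(f,)]

def conj(fs):
    return fs[0] if len(fs) == 1 else ("and",) + tuple(fs)

def delta(term):
    """Step 2: Delta(T) = Prop(T) + B(T) + D(T), in that order."""
    prop = [l for l in term if l[0] in ("lit", "top")]
    B, D = [], []
    for i in sorted({l[1] for l in term if l[0] in ("box", "dia")}):
        box = [l[2] for l in term if l[0] == "box" and l[1] == i]
        dia = [l[2] for l in term if l[0] == "dia" and l[1] == i]
        if box:
            B.append(("box", i, conj(box)))
        # with no boxes of index i this reduces to the plain diamond literals
        D.extend(("dia", i, conj([g] + box)) for g in dia)
    return prop + B + D

def candidates(phi):
    """Step 3: one element of Delta(T) per satisfiable term T of Dnf(phi)."""
    terms = [t for t in dnf(phi) if sat(t)]
    return [("or",) + pick for pick in product(*(delta(t) for t in terms))]

def gen_pi(phi):
    """Steps 1, 4 and 5 of GenPI around candidates()."""
    if not sat([phi]):
        return [("bot",)]
    cands = candidates(phi)
    return [lj for j, lj in enumerate(cands)
            if not any(entails(lk, lj) and (k < j or not entails(lj, lk))
                       for k, lk in enumerate(cands) if k != j)]

# The formula of Example 4.1.1, with a, b, ... as positive literals
def L(name):
    return ("lit", name, True)

PHI = ("and", L("a"),
       ("or",
        ("and", ("dia", 1, ("and", L("b"), L("c"))), ("dia", 1, L("b"))),
        ("and", ("dia", 1, L("b")), ("dia", 1, ("or", L("c"), L("d"))),
         ("box", 1, L("e")), ("box", 1, L("f")))),
       ("box", 2, ("bot",)))

if __name__ == "__main__":
    print(len(candidates(PHI)), "candidates")
    for clause in gen_pi(PHI):
        print(clause)
```

The comparison in Step 4 makes a quadratic number of entailment tests, each of which is itself a modal satisfiability check, so the sketch is only practical on small inputs such as this one.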

4.1.3 Correctness of GenPI

Our algorithm can be shown to be a sound and complete procedure for generating prime implicates.

Lemma 4.1.2.

The algorithm GenPI always terminates.

Proof. We know from Corollary 2.4.5 that the algorithm Dnf always terminates and

returns a finite set of formulae. This means that there are only finitely many terms

T to consider. For each T , the set ∆(T ) contains only finitely many elements (this

is immediate given the definition of ∆(T )), which means that the set Candidates

also has finite cardinality. In the final step, we compare at most once each pair of

elements in Candidates. As the comparison always terminates, and there are only

finitely many pairs to check, it follows that the algorithm GenPI terminates.

Lemma 4.1.3.

The algorithm GenPI outputs exactly the set of prime implicates of the input formula.


Proof. We first prove that every prime implicate of a term T is equivalent to some element in ∆(T). Let

$$T = \gamma_1 \wedge \ldots \wedge \gamma_k \wedge \bigwedge_{i=1}^{n} (\Diamond_i \psi_{i,1} \wedge \ldots \wedge \Diamond_i \psi_{i,l_i} \wedge \Box_i \chi_{i,1} \wedge \ldots \wedge \Box_i \chi_{i,m_i})$$

be some term (where γ_1, ..., γ_k are propositional literals), and let

$$\lambda = \rho_1 \vee \ldots \vee \rho_p \vee \bigvee_{i \in L} (\Diamond_i \epsilon_{i,1} \vee \ldots \vee \Diamond_i \epsilon_{i,q_i} \vee \Box_i \zeta_{i,1} \vee \ldots \vee \Box_i \zeta_{i,r_i})$$

be one of its prime implicates. As T ⊨ λ, it must be the case that the formula

$$\gamma_1 \wedge \ldots \wedge \gamma_k \wedge \bigwedge_{i=1}^{n} (\Diamond_i \psi_{i,1} \wedge \ldots \wedge \Diamond_i \psi_{i,l_i} \wedge \Box_i \chi_{i,1} \wedge \ldots \wedge \Box_i \chi_{i,m_i}) \wedge \neg\rho_1 \wedge \ldots \wedge \neg\rho_p \wedge \bigwedge_{i=1}^{n} (\Box_i \neg\epsilon_{i,1} \wedge \ldots \wedge \Box_i \neg\epsilon_{i,q_i} \wedge \Diamond_i \neg\zeta_{i,1} \wedge \ldots \wedge \Diamond_i \neg\zeta_{i,r_i})$$

is unsatisfiable. It follows from Theorem 2.3.1 that one of the following must hold:

(a) γ_1 ∧ ... ∧ γ_k ∧ ¬ρ_1 ∧ ... ∧ ¬ρ_p ⊨ ⊥

(b) there exists some 1 ≤ i ≤ n and some 1 ≤ u ≤ l_i such that ψ_{i,u} ∧ χ_{i,1} ∧ ... ∧ χ_{i,m_i} ∧ ¬ε_{i,1} ∧ ... ∧ ¬ε_{i,q_i} ⊨ ⊥

(c) there exists some 1 ≤ i ≤ n and some 1 ≤ u ≤ r_i such that ¬ζ_{i,u} ∧ χ_{i,1} ∧ ... ∧ χ_{i,m_i} ∧ ¬ε_{i,1} ∧ ... ∧ ¬ε_{i,q_i} ⊨ ⊥

If (a) holds, then there must be some u and v such that γ_u = ρ_v. That means γ_u ⊨ λ, so λ must be equivalent to γ_u or else we would have found a stronger implicate, contradicting our assumption that λ is a prime implicate of T. But then the result holds since γ_u is in ∆(T). If (b) holds, then the formula ◇_i(ψ_{i,u} ∧ χ_{i,1} ∧ ... ∧ χ_{i,m_i}) is an implicate of T which implies λ, so λ ≡ ◇_i(ψ_{i,u} ∧ χ_{i,1} ∧ ... ∧ χ_{i,m_i}). We are done since ◇_i(ψ_{i,u} ∧ χ_{i,1} ∧ ... ∧ χ_{i,m_i}) is a member of ∆(T). Finally we consider the case where (c) holds. In this case, □_i(χ_{i,1} ∧ ... ∧ χ_{i,m_i}) is an implicate of T which implies λ, and so is equivalent to λ (as λ is a prime implicate). But then we have the desired result since □_i(χ_{i,1} ∧ ... ∧ χ_{i,m_i}) is one of the elements in ∆(T). Thus we can conclude that every prime implicate of a term T is equivalent to some element in ∆(T). By Theorem 2.4.4, the elements in Dnf(ϕ) are terms, and their disjunction is equivalent to ϕ. As D4 satisfies Distribution (Theorem 3.2.10), it follows that every prime implicate of the input ϕ is equivalent to some element in Candidates. This means that if an element λ_j in Candidates is not a prime implicate of ϕ, then there is some prime implicate π of ϕ that implies but is not implied by λ_j, and hence some λ_k ∈ Candidates such that λ_k ⊨ λ_j and λ_j ⊭ λ_k. Thus, during the comparison phase, this clause will be removed from Candidates. Now suppose that the clause λ is a prime implicate of ϕ. Then we know that there must be some λ_j ∈ Candidates such that λ_j ≡ λ, and moreover, we can choose λ_j so that there is no λ_k with k < j such that λ_k ⊨ λ_j. When in the final step we compare λ_j with all the clauses λ_k with k ≠ j, we will never find that λ_k ⊨ λ_j for k < j, nor can we have λ_k ⊨ λ_j ⊭ λ_k for some k > j, otherwise λ would not be a prime implicate. It follows then that λ_j remains in the set Candidates which is returned by the algorithm. We have thus shown that the output of GenPI with input ϕ is precisely the set of prime implicates of ϕ.

Theorem 4.1.4.

The algorithm GenPI always terminates and outputs exactly the set of prime implicates of the input formula.

Proof. Follows directly from Lemmas 4.1.2 and 4.1.3.

Finally, we have the following theorem which relates the depths, signatures,

and literal subformulae of the prime implicates produced by GenPI to the depth,

signature, and literal subformulae of the input formula. We will require this result

later on in Chapter 6.

Theorem 4.1.5.

Let ϕ be a formula in NNF. The signatures of the clauses output by GenPI on input

ϕ are contained in the signature of ϕ. The depths of the clauses output by GenPI

on input ϕ are no greater than δ(ϕ). Every literal subformula which appears behind

the modal operators in some clause output by GenPI is also a literal subformula

of ϕ.

Proof. Suppose that GenPI is run on an input formula ϕ in NNF. We know from

Theorem 2.4.6 that sig(T ) ⊆ sig(ϕ) and δ(T ) ≤ δ(ϕ) for every T ∈ Dnf(ϕ).

Moreover, we know from the definition of ∆(T ) that sig(θ) ⊆ sig(T ) ⊆ sig(ϕ) and

δ(θ) ≤ δ(T ) ≤ δ(ϕ) for every θ ∈ ∆(T ). It is also easy to see from the definition

that if ψ is such that ◇ψ or □ψ is a conjunct of some element in ∆(T ), then ψ is

a conjunction of subformulae of ϕ, so each of the literal subformulae appearing in

ψ must also appear in ϕ. As the formulae in Candidates are disjunctions of the

elements in the ∆(T ), it follows that the formulae in Candidates have signatures

contained in sig(ϕ) and depths at most δ(ϕ) and that the literal subformulae behind

their modal operators also appear in ϕ. This is enough to prove the result since

every clause output by GenPI belongs to Candidates.

4.1.4 Bounds on prime implicate size

By examining the prime implicates produced by GenPI, we can put an upper

bound on the length of a formula’s prime implicates.


Theorem 4.1.6.

The smallest clausal representation of a prime implicate of a formula is at most

single-exponential in the length of the formula.

Proof. Let ϕ be a formula in K_n. Prime implicates of ϕ generated by GenPI can have at most 2^{|ϕ|} disjuncts as there are at most 2^{|ϕ|} terms in Dnf(ϕ) by Theorem 2.4.6. Moreover, each disjunct has length at most 2|ϕ|, since the elements in ∆(T) are never larger than |T| and the length of T cannot exceed 2|ϕ| (by Theorem 2.4.6). This gives us a total of 2|ϕ| ∗ 2^{|ϕ|} symbols, to which we must add the at most 2^{|ϕ|} − 1 disjunction symbols connecting the disjuncts. We thus find that the length of the smallest clausal representation of a prime implicate of a formula ϕ cannot exceed 2|ϕ| ∗ 2^{|ϕ|} + (2^{|ϕ|} − 1), which is clearly single-exponential in |ϕ|.

For a tighter bound, suppose that Nnf(ϕ) has at most l mutually non-equivalent literal subformulae appearing outside the scope of modal operators. Then there are at most 2^l mutually non-equivalent elements in 𝒯 = Dnf(ϕ) by Theorem 2.4.6. It follows that we can choose a subset 𝒯′ of 𝒯 with cardinality at most 2^l such that every element of 𝒯 is equivalent to some element of 𝒯′. Now let π be some formula in the output of GenPI. We know that π is of the form ⋁_{T∈𝒯} θ_T where θ_T ∈ ∆(T) for all T ∈ 𝒯. Now let π′ = ⋁_{T∈𝒯′} θ_T. Clearly π′ ⊨ π. We also have π′ ⊨ π, since for every T ∈ 𝒯 we can find T′ ∈ 𝒯′ such that T ≡ T′, which means that T ⊨ θ_{T′} ⊨ π′. Thus, we have shown that every prime implicate of ϕ is equivalent to a clause with length at most 2|ϕ| ∗ 2^l + (2^l − 1).

This upper bound is optimal as we can find formulae with exponentially large

prime implicates.

Theorem 4.1.7.

The length of the smallest clausal representation of a prime implicate of a formula

can be exponential in the length of the formula.

Proof. Consider the formula

$$\varphi = \bigwedge_{i=1}^{n} (\Box a_{i1} \vee \Box a_{i2})$$

and the clause

$$\lambda = \bigvee_{(i_1, \ldots, i_n) \in \{1,2\}^n} \Box (a_{1 i_1} \wedge a_{2 i_2} \wedge \ldots \wedge a_{n i_n})$$

where a_{ij} ≠ a_{kl} whenever i ≠ k or j ≠ l. It is not difficult to see that ϕ and λ are equivalent, which means that λ must be a prime implicate of ϕ. All that remains to be shown is that any clause equivalent to λ must have length at least |λ|. This yields the result since λ clearly has size exponential in n, whereas the length of ϕ is only linear in n.

Let λ′ be a shortest clause which is equivalent to λ. As λ′ is equivalent to λ, it follows from Theorem 2.3.2 that λ′ is a disjunction of □-literals and of inconsistent ◇-literals. But since λ′ is assumed to be a shortest representation of λ, it cannot contain any inconsistent ◇-literals or any redundant □-literals, since we could remove them to find an equivalent shorter clause. So λ′ must be of the form □χ_1 ∨ ... ∨ □χ_m, where χ_l ⊭ χ_j whenever l ≠ j. Now since λ′ ⊨ λ, every disjunct □χ_p must also imply λ. As λ is a disjunction of □-literals, it follows from Theorem 2.3.3 that every disjunct □χ_p of λ′ implies some disjunct □δ_q of λ. But that means that every □χ_p must have length at least 2n + 1, since each χ_p is a satisfiable formula which implies a conjunction of n distinct propositional variables. We also know that every disjunct □δ_q of λ implies some disjunct □χ_p of λ′ since λ ⊨ λ′. We now wish to show that no two disjuncts of λ imply the same disjunct of λ′. Suppose that this is not the case, that is, that there are distinct disjuncts □δ_1 and □δ_2 of λ and some disjunct □χ_p of λ′ such that □δ_1 ⊨ □χ_p and □δ_2 ⊨ □χ_p. Now since □δ_1 and □δ_2 are distinct disjuncts, there must be some i such that □δ_1 ⊨ a_{i1} and □δ_2 ⊨ a_{i2} or □δ_1 ⊨ a_{i2} and □δ_2 ⊨ a_{i1}. We know that □χ_p ⊨ □δ_q for some δ_q, and that every δ_q implies either a_{i1} or a_{i2}, so either □χ_p ⊨ □a_{i1} or □χ_p ⊨ □a_{i2}. But we know that the □δ_q each imply either □a_{i1} or □a_{i2} but not both, so one of □δ_1 and □δ_2 must not imply □χ_p. This contradicts our earlier assumption that □δ_1 ⊨ □χ_p and □δ_2 ⊨ □χ_p, so each disjunct of λ must imply a distinct disjunct of λ′. We have thus demonstrated that λ′ contains just as many disjuncts as λ. As we have already shown that the disjuncts of λ′ are no shorter than the disjuncts of λ, it follows that |λ′| ≥ |λ|, and hence |λ′| = |λ|. We conclude that every clause equivalent to λ has length at least |λ|, completing the proof.

It is interesting to note that the formula used in the proof of Theorem 4.1.7

has a single modal operator and a depth of 1, which means that we cannot avoid

this worst-case spatial complexity by restricting our attention to formulae with

few modalities or of shallow depth. Nor can we escape this exponential worst-case

spatial complexity by dropping down to one of the less expressive notions of prime

implicates examined in the previous chapter, as the following theorem demonstrates.

Theorem 4.1.8.

If prime implicates are defined using either D1 or D2, then the length of the smallest clausal representation of a prime implicate of a formula can be exponential in the length of the formula.


4. Generating and Recognizing Prime Implicates 97

For Theorem 4.1.8, we will prove that the following clause

$$\lambda = \bigvee_{(q_1, \ldots, q_n) \in \{\Diamond, \Box\}^n} \Box q_1 \ldots q_n c$$

is a prime implicate (for both D1 and D2) of the K-formula

$$\varphi = (\Box\Diamond(b_0 \wedge b_1) \vee \Box\Box(b_0 \wedge b_1)) \wedge \bigwedge_{i=2}^{n} (\Box^{i}\Diamond b_i \vee \Box^{i}\Box b_i) \wedge \bigwedge_{i=1}^{n-1} \Box^{i+1}((b_{i-1} \wedge b_i) \to \Box b_i) \wedge \Box^{n+1}((b_{n-1} \wedge b_n) \to c)$$

and moreover that there is no shorter way to represent λ. To prove this, we will require the following technical lemmas.

Lemma 4.1.9.

Let l_1 ∨ ... ∨ l_m be a D1-clause which implies q_1...q_n a, where q_i ∈ {□,◇} and a is a propositional variable. Then either l_1 ∨ ... ∨ l_m ≡ q_1...q_n a or l_1 ∨ ... ∨ l_m ≡ q_1...q_j ⊥ for some 1 ≤ j ≤ n or l_1 ∨ ... ∨ l_m ≡ ⊥.

Proof. The proof is by induction on the value of n. When n = 0, we have just l_1 ∨ ... ∨ l_m ⊨ a. According to Theorem 2.3.2, every disjunct of l_1 ∨ ... ∨ l_m must be either a or some unsatisfiable formula. It follows that l_1 ∨ ... ∨ l_m ≡ a or l_1 ∨ ... ∨ l_m ≡ ⊥.

Now suppose the result holds whenever n ≤ k, and suppose that we have l_1 ∨ ... ∨ l_m ⊨ q_1...q_{k+1} a. For every l_i, we must have l_i ⊨ q_1...q_{k+1} a, and hence ⊨ ¬l_i ∨ q_1...q_{k+1} a. Using Theorem 2.3.1, we arrive at the following four possibilities:

(a) ⊨ q_1...q_{k+1} a

(b) l_i ≡ ⊥

(c) q_1 = ◇ and l_i ≡ ◇l′_i and l′_i ⊨ q_2...q_{k+1} a

(d) q_1 = □ and l_i ≡ □l′_i and l′_i ⊨ q_2...q_{k+1} a

We can eliminate case (a) since ⊭ q_1...q_{k+1} a for every string of modalities q_1...q_{k+1}. We remark that if (c) holds, then according to the induction hypothesis, l_i ≡ ◇q_1...q_{k+1} a or l_i ≡ ◇q_1...q_j ⊥ for j ≤ k + 1 or l_i ≡ ⊥. Similarly, if (d) holds, then either l_i ≡ □q_1...q_{k+1} a or l_i ≡ □q_1...q_j ⊥ for j ≤ k + 1 or l_i ≡ ⊥.

Now if there is some l_i which is equivalent to q_1...q_{k+1} a, then we get l_1 ∨ ... ∨ l_m ≡ q_1...q_{k+1} a. If there is no such l_i, then let p be such that there is some l_i ≡ q_1...q_p ⊥ but there is no l_i ≡ q_1...q_{p−1} ⊥. In this case, we get l_1 ∨ ... ∨ l_m ≡ q_1...q_p ⊥. Finally, if all disjuncts are unsatisfiable, we have l_1 ∨ ... ∨ l_m ≡ ⊥.


Lemma 4.1.10.

Fix (q_1, ..., q_n) ∈ {□,◇}^n, and let T =

$$\Box q_1 (b_0 \wedge b_1) \wedge \Big(\bigwedge_{k=2}^{n} \Box^{k} q_k b_k\Big) \wedge \bigwedge_{k=1}^{n-1} \Box^{k+1}((b_{k-1} \wedge b_k) \to \Box b_k) \wedge \Box^{n+1}((b_{n-1} \wedge b_n) \to c)$$

Then T ⊨ □r_1...r_n c if and only if r_k = q_k for all 1 ≤ k ≤ n.

Proof. We begin by showing that for all 1 ≤ i ≤ n − 1 the formula

$$b_{i-1} \wedge b_i \wedge \Big(\bigwedge_{k=i+1}^{n} \Box^{k-i-1} q_k b_k\Big) \wedge \Big(\bigwedge_{k=i}^{n-1} \Box^{k-i}((b_{k-1} \wedge b_k) \to \Box b_k)\Big) \wedge \Box^{n-i}((b_{n-1} \wedge b_n) \to c)$$

entails the formula r_{i+1}...r_n c just in the case that q_{i+1}...q_n = r_{i+1}...r_n.

The proof is by induction on i. The base case is i = n − 1. We have

$$b_{n-2} \wedge b_{n-1} \wedge q_n b_n \wedge ((b_{n-2} \wedge b_{n-1}) \to \Box b_{n-1}) \wedge \Box((b_{n-1} \wedge b_n) \to c) \models r_n c \qquad (4.1)$$

if and only if

$$b_{n-2} \wedge b_{n-1} \wedge q_n b_n \wedge \Box b_{n-1} \wedge \Box((b_{n-1} \wedge b_n) \to c) \models r_n c$$

if and only if (Theorem 2.3.1) either

q_n = ◇ and r_n = □ and b_{n−1} ∧ ((b_{n−1} ∧ b_n) → c) ⊨ c

or

q_n = r_n and b_{n−1} ∧ b_n ∧ ((b_{n−1} ∧ b_n) → c) ⊨ c

As b_{n−1} ∧ ((b_{n−1} ∧ b_n) → c) ⊭ c, we cannot have the first alternative. It follows then that if Equation (4.1) holds, then the second alternative must hold, in which case we get q_n = r_n, as desired. For the other direction, we simply note that b_{n−1} ∧ b_n ∧ ((b_{n−1} ∧ b_n) → c) ⊨ c is a valid entailment, which means q_n = r_n implies Equation (4.1).

Next let us suppose that the above statement holds for all 1 < j ≤ i ≤ n − 1, and let us prove the statement holds when i = j − 1. Then

$$b_{j-2} \wedge b_{j-1} \wedge \Big(\bigwedge_{k=j}^{n} \Box^{k-j} q_k b_k\Big) \wedge \Big(\bigwedge_{k=j-1}^{n-1} \Box^{k-j+1}(b_{k-1} \wedge b_k \to \Box b_k)\Big) \wedge \Box^{n-j+1}((b_{n-1} \wedge b_n) \to c) \models r_j \ldots r_n c \qquad (4.2)$$

if and only if one of the following holds:

(a) q_j = ◇ and r_j = □ and

$$b_{j-1} \wedge \Big(\bigwedge_{k=j+1}^{n} \Box^{k-j-1} q_k b_k\Big) \wedge \Big(\bigwedge_{k=j}^{n-1} \Box^{k-j}((b_{k-1} \wedge b_k) \to \Box b_k)\Big) \wedge \Box^{n-j}((b_{n-1} \wedge b_n) \to c) \models r_{j+1} \ldots r_n c$$


(b) q_j = r_j and

$$b_{j-1} \wedge b_j \wedge \Big(\bigwedge_{k=j+1}^{n} \Box^{k-j-1} q_k b_k\Big) \wedge \Big(\bigwedge_{k=j}^{n-1} \Box^{k-j}((b_{k-1} \wedge b_k) \to \Box b_k)\Big) \wedge \Box^{n-j}((b_{n-1} \wedge b_n) \to c) \models r_{j+1} \ldots r_n c$$

We will first show that the entailment in (a) doesn't hold. Consider the model M = ⟨W, R, v⟩ defined as follows:

• W = {w_j, ..., w_n}

• R = {(w_j, w_{j+1}), ..., (w_{n−1}, w_n)}

• v(c, w) = false for all w ∈ W

• for w ≠ w_j: v(b_k, w) = true if and only if w = w_k

• v(b_k, w_j) = true if and only if k = j − 1

Notice that since each world (excepting w_n) has exactly one successor, the □- and ◇-quantifiers have the same behavior (except at w_n). It can easily be verified that M, w_j satisfies the left-hand side of the above entailment for any tuple q_{j+1}...q_n: we have M, w_j ⊨ b_{j−1} by definition, we have M, w_j ⊨ ⋀_{k=j+1}^{n} □^{k−j−1} q_k b_k because M, w_k ⊨ b_k for k ≠ j, we have M, w_j ⊨ ⋀_{k=j}^{n−1} □^{k−j}((b_{k−1} ∧ b_k) → □b_k) since M, w_j ⊭ b_j and M, w_k ⊭ b_{k−1} for k ≠ j, and finally we have M, w_j ⊨ □^{n−j}((b_{n−1} ∧ b_n) → c) since w_n ⊭ b_{n−1}. However, the right-hand side r_{j+1}...r_n c is not satisfied at w_j: the only world accessible from w_j in n − j − 1 steps is w_n which does not satisfy c.

We have just shown that case (a) cannot hold, which means that Equation (4.2) holds if and only if (b) does. But if we apply the induction hypothesis to the entailment in (b), we find that it holds just in the case that q_{j+1}...q_n = r_{j+1}...r_n. It follows then that Equation (4.2) holds if and only if q_j...q_n = r_j...r_n, as desired. This completes our proof of the above statement.

We now proceed to the proof of the lemma. By Theorem 2.3.1

$$\Box q_1 (b_0 \wedge b_1) \wedge \Big(\bigwedge_{k=2}^{n} \Box^{k} q_k b_k\Big) \wedge \Big(\bigwedge_{k=1}^{n-1} \Box^{k+1}((b_{k-1} \wedge b_k) \to \Box b_k)\Big) \wedge \Box^{n+1}((b_{n-1} \wedge b_n) \to c) \models \Box r_1 \ldots r_n c$$

holds just in the case that

$$q_1 (b_0 \wedge b_1) \wedge \Big(\bigwedge_{k=2}^{n} \Box^{k-1} q_k b_k\Big) \wedge \bigwedge_{k=1}^{n-1} \Box^{k}((b_{k-1} \wedge b_k) \to \Box b_k) \wedge \Box^{n}((b_{n-1} \wedge b_n) \to c) \models r_1 \ldots r_n c$$

which in turn holds if and only if one of the following statements holds:


(i) q_1 = ◇ and r_1 = □ and

$$\Big(\bigwedge_{k=2}^{n} \Box^{k-2} q_k b_k\Big) \wedge \Big(\bigwedge_{k=1}^{n-1} \Box^{k-1}((b_{k-1} \wedge b_k) \to \Box b_k)\Big) \wedge \Box^{n-1}((b_{n-1} \wedge b_n) \to c) \models r_2 \ldots r_n c$$

(ii) q_1 = r_1 and

$$b_0 \wedge b_1 \wedge \Big(\bigwedge_{k=2}^{n} \Box^{k-2} q_k b_k\Big) \wedge \Big(\bigwedge_{k=1}^{n-1} \Box^{k-1}((b_{k-1} \wedge b_k) \to \Box b_k)\Big) \wedge \Box^{n-1}((b_{n-1} \wedge b_n) \to c) \models r_2 \ldots r_n c$$

We remark that if we set j = 1 in (a) above, then the left-hand side of the entailment in (i) is logically weaker than that in (a), and the right-hand side matches that in (a). As we have already shown that the entailment in (a) does not hold, it follows that the entailment in (i) cannot hold either. Thus, we find that the desired entailment relation in the statement of the lemma holds if and only if (ii) does. This completes the proof since we have already shown in the induction above that the entailment in (ii) holds if and only if q_2...q_n = r_2...r_n, i.e. (ii) is true just in the case that q_1...q_n = r_1...r_n.

Lemma 4.1.11.

There is no clause w.r.t. D1 which is equivalent to λ and of strictly smaller size

than λ.

Proof. Let λ′ be a D1-clause which is equivalent to λ. Suppose furthermore that λ′ is the smallest such clause. As λ is non-tautologous and contains only □-literals as disjuncts, it follows that every disjunct of λ′ must be either unsatisfiable or a □-literal (cf. Theorem 2.3.2). But since λ is satisfiable, so too is λ′. That means that if λ′ contained an unsatisfiable disjunct, it could be removed to yield an equivalent but shorter clause, contradicting our assumption that λ′ is of minimal length. Thus, λ′ contains only □-literals.

Since λ′ ⊨ λ, every disjunct □l of λ′ must imply some disjunct □q_1...q_n c of λ. Also, every disjunct □l of λ′ must be implied by some disjunct □q_1...q_n c of λ, since otherwise we could remove □l from λ′ while preserving the equivalence between λ and λ′.

It follows then that each disjunct of λ′ is implied by some disjunct of λ and implies some disjunct of λ. But since the disjuncts of λ do not imply each other (because of Lemma 4.1.9), it follows that each disjunct of λ′ is equivalent to some disjunct of λ, and moreover that every disjunct of λ is equivalent to some disjunct of λ′.


This completes the proof since it is clear that the disjuncts □q_1...q_n c of λ cannot be more compactly represented. Our proof works equally well for D2, since every D2-clause is also a D1-clause.

Proof of Theorem 4.1.8. We begin with definition D1. Let λ and ϕ be as defined on page 97. We begin by distributing ∨ over ∧ in order to transform ϕ into an equivalent disjunction of terms w.r.t. definition D4:

$$\varphi \equiv \bigvee_{(q_1, \ldots, q_n) \in \{\Box, \Diamond\}^n} T_{q_1, \ldots, q_n}$$

where T_{q_1,...,q_n} is equal to

$$\Box q_1 (b_0 \wedge b_1) \wedge \Big(\bigwedge_{i=2}^{n} \Box^{i} q_i b_i\Big) \wedge \bigwedge_{i=1}^{n-1} \Box^{i+1}((b_{i-1} \wedge b_i) \to \Box b_i) \wedge \Box^{n+1}((b_{n-1} \wedge b_n) \to c)$$

By Lemma 4.1.10, T_{q_1,...,q_n} ⊨ □q_1...q_n c, and hence T_{q_1,...,q_n} ⊨ λ. We thus have ϕ ⊨ λ.

We now show that there is no stronger D1-clause which is implied by ϕ. Let λ′ be a D1-clause such that ϕ ⊨ λ′ ⊨ λ, and assume without loss of generality that λ′ has no unsatisfiable disjuncts. As λ is a non-tautologous disjunction of □-literals, we know from Lemma 2.3.2 that every disjunct of λ′ must be of the form □l where l is a D1-clause such that l ⊨ r_1...r_n c for some quantifier string r_1...r_n. But according to Lemma 4.1.9, l must be equivalent either to r_1...r_n c or to r_1...r_k ⊥ for some 1 ≤ k ≤ n or ⊥. It follows that λ′ is equivalent to a clause having only disjuncts of the forms □r_1...r_n c or □r_1...r_k ⊥ (1 ≤ k ≤ n) or □⊥.

As ϕ ⊨ λ′, it must be the case that each of the terms T_{q_1,...,q_n} implies λ′, or equivalently T_{q_1,...,q_n} ∧ ¬λ′ ⊨ ⊥. As we have shown above that the disjuncts of λ′ are all □-literals, it follows from Theorem 2.3.1 that each term implies some disjunct of λ′. Moreover, we know from the preceding paragraph that the disjuncts of λ′ are of the forms □r_1...r_n c or □r_1...r_k ⊥ (where r_i ∈ {□,◇} and 1 ≤ k ≤ n) or □⊥, so every T_{q_1,...,q_n} must imply a formula with one of these forms.

We first show that a term T_{q_1,...,q_n} cannot imply a formula of the form □r_1...r_k ⊥ or □⊥. The proof is quite straightforward: we consider the model M with a single world w such that w is connected to itself and all propositional variables are true at w. It is not hard to see that M, w ⊨ T_{q_1,...,q_n} (for any tuple (q_1, ..., q_n) ∈ {□,◇}^n). However, the formula □r_1...r_k ⊥ (or □⊥) cannot hold at w since there is no world in M which has no successors.

Since a term T_{q_1,...,q_n} cannot imply a formula □r_1...r_k ⊥ or □⊥, it must be the case that T_{q_1,...,q_n} implies some disjunct □r_1...r_n c of λ′. By Lemma 4.1.10, the only formula of this type which is implied by T_{q_1,...,q_n} is the formula □q_1...q_n c. This means that for every tuple of quantifiers (q_1, ..., q_n), there is a disjunct of λ′ which is equivalent to □q_1...q_n c. It follows that every disjunct of λ is equivalent to some disjunct in λ′, giving us λ ⊨ λ′. We can thus conclude that λ is a prime implicate of ϕ.

This completes the proof, since we have already shown in Lemma 4.1.11 that

there is no shorter D1-clause which is equivalent to λ than λ itself.

The above proof also works for definition D2 since every clause w.r.t. D2 is

also a clause w.r.t. D1. In particular this means that any D2-clause which is

a prime implicate w.r.t. D1 is also a prime implicate w.r.t. D2, and that any

D2-clause which is shortest among all equivalent D1-clauses is also shortest among

D2-clauses.

4.1.5 Bounds on the number of prime implicates

An examination of the set of candidate prime implicates constructed by our

algorithm allows us to place a bound on the maximal number of non-equivalent

prime implicates a formula can possess.

Theorem 4.1.12.

The number of non-equivalent prime implicates of a formula is at most double

exponential in the length of the formula.

Proof. Consider some formula ϕ. We assume without loss of generality that ϕ is in NNF. We know from Theorem 4.1.4 that every prime implicate of ϕ is equivalent to some clause returned by GenPI. Every such clause is of the form ⋁_{T∈Dnf(ϕ)} θ_T where θ_T ∈ ∆(T). As there can be at most 2^{|ϕ|} terms in Dnf(ϕ) by Theorem 2.4.6, these clauses can have no more than 2^{|ϕ|} disjuncts. Moreover, there are at most |ϕ| choices for each disjunct θ_T since the cardinality of ∆(T) is bounded above by the number of conjuncts of T, which we know from Theorem 2.4.6 to be no more than |ϕ|. It follows then that there are at most |ϕ|^{2^{|ϕ|}} clauses returned by GenPI, hence at most |ϕ|^{2^{|ϕ|}} non-equivalent prime implicates of ϕ.

For a tighter bound, suppose that Nnf(ϕ) has at most l mutually non-equivalent literal subformulae appearing outside the scope of modal operators. We have already seen in the proof of Theorem 4.1.6 that this means that every prime implicate is equivalent to a clause ⋁_{T∈𝒯′} θ_T for some subset 𝒯′ ⊆ 𝒯 with cardinality at most 2^l. We also know that the elements in 𝒯, and hence in the subset 𝒯′, all have at most l non-equivalent conjuncts (by Theorem 2.4.6), which means that there are at most l choices for each θ_T. It follows that there can be no more than l^{2^l} distinct equivalence classes of prime implicates of the formula ϕ.

We can show this bound to be optimal.

Theorem 4.1.13.

The number of non-equivalent prime implicates of a formula may be double exponential in the length of the formula.

Proof. Let n be some natural number, and let a_{11}, a_{12}, ..., a_{n1}, a_{n2}, b_{11}, b_{12}, ..., b_{n1}, b_{n2} be distinct propositional variables. Consider the formula ϕ defined as

$$\bigwedge_{i=1}^{n} ((\Diamond a_{i1} \wedge \Box b_{i1}) \vee (\Diamond a_{i2} \wedge \Box b_{i2}))$$

It is not hard to see that there will be 2^n terms in Dnf(ϕ), corresponding to the 2^n ways of deciding for each i ∈ {1, ..., n} whether to take the first or second disjunct. Each term T ∈ Dnf(ϕ) will be of the form

$$\bigwedge_{i=1}^{n} (\Diamond a_{i\, f(i,T)} \wedge \Box b_{i\, f(i,T)})$$

where f(i, T) ∈ {1, 2} for all i. For each T, denote by D(T) the set of formulae

$$\{\Diamond (a_{i\, f(i,T)} \wedge b_{1\, f(1,T)} \wedge \ldots \wedge b_{n\, f(n,T)}) \mid 1 \leq i \leq n\}$$

Now consider the set of clauses C defined as

$$\Big\{\bigvee_{T \in Dnf(\varphi)} d_T \;\Big|\; d_T \in D(T)\Big\}$$

Notice that there are n^{2^n} clauses in C since each clause corresponds to a choice of one of the n elements in D(T) for each of the 2^n terms T in Dnf(ϕ). This number is double exponential in |ϕ| since the length of ϕ is linear in n. In order to complete the proof, we show that (i) all of the clauses in C are prime implicates of ϕ and (ii) that the clauses in C are mutually non-equivalent.

We begin by showing that λ_1 ⊭ λ_2 for every pair of distinct elements λ_1 and λ_2 in C. This immediately gives us (ii) and will prove useful in the proof of (i). Let λ_1 and λ_2 be distinct clauses in C. As λ_1 and λ_2 are distinct, there must be some term T ∈ Dnf(ϕ) for which λ_1 and λ_2 choose different elements from D(T). Let d_1 be the element from D(T) appearing as a disjunct in λ_1, let d_2 be the element in D(T) which is a disjunct in λ_2, and let a_{j,k} be the a-literal which appears in d_2 (and hence not in d_1). Consider the formula ρ = □(¬a_{j,k} ∧ ¬b_{1,k_1} ∧ ... ∧ ¬b_{n,k_n}), where the tuple (k_1, ..., k_n) is just like the tuple associated with T except that the 1's and 2's are inverted. Clearly d_1 ∧ ρ is consistent, since the variables in ρ do not appear in d_1. But ρ is inconsistent with every disjunct in λ_2, since by construction every disjunct in λ_2 contains a literal whose negation appears in ρ. It follows that λ_2 ⊨ ¬ρ but λ_1 ⊭ ¬ρ, and hence λ_1 ⊭ λ_2.

We now prove (i). Let λ be a clause in C, and let π be a prime implicate of ϕ which implies λ. By Theorem 4.1.4, we know that π must be equivalent to one of the clauses output by GenPI, and more specifically to a clause output by GenPI which is a disjunction of ◇-literals (because of Theorem 2.3.2). We remark that the set C is composed of exactly those candidate clauses which are disjunctions of ◇-literals, so π must be equivalent to some clause in C. But we have just shown that the only element in C which implies λ is λ itself. It follows that π ≡ λ, which means that λ is a prime implicate of ϕ.

This worst-case result is robust in that it can be improved neither by restricting

the depth of the input formulae, nor by using less expressive notions of prime

implicate, as is demonstrated by the following theorem.

Theorem 4.1.14.

If prime implicates are defined using either D1 or D2, then the number of non-equivalent prime implicates of a formula may be doubly exponential in the length of the formula.

Proof. Let $\lambda$ and $\varphi$ be as defined on page 97. Set $\varphi'$ equal to the formula obtained from $\varphi$ by replacing $c$ in the last conjunct of $\varphi$ by $c \wedge d$. Set $\Sigma$ equal to the set of clauses that can be obtained from $\lambda$ by replacing zero or more occurrences of $c$ by $d$. For example, if $n = 1$, then $\Sigma = \{\Box\Diamond c \vee \Box\Box c,\ \Box\Diamond d \vee \Box\Box c,\ \Box\Diamond c \vee \Box\Box d,\ \Box\Diamond d \vee \Box\Box d\}$. There are $2^{2^n}$ elements in $\Sigma$ since we choose for each of the $2^n$ disjuncts of $\lambda$ whether to change $c$ into $d$. We intend to show that the clauses in $\Sigma$ are all pairwise non-equivalent prime implicates of $\varphi'$. The proof that every element in $\Sigma$ is indeed a prime implicate of $\varphi'$ (w.r.t. both D1 and D2) proceeds quite similarly to the proof that $\lambda$ is a prime implicate (w.r.t. D1 and D2) of $\varphi$ (see proof of Theorem 4.1.8), so we will not repeat it here. Instead we will show that all of the elements in $\Sigma$ are pairwise non-equivalent. To do so, we consider any two distinct elements $\alpha$ and $\beta$ of $\Sigma$. Since $\alpha$ and $\beta$ are distinct, there must be some string of quantifiers $q_1 \dots q_n$ such that $\alpha$ has a disjunct $\Box q_1 \dots q_n \gamma$ ($\gamma \in \{c, d\}$) which is not a disjunct of $\beta$. Now if $\alpha \models \beta$, then we would have $\Box q_1 \dots q_n \gamma \models \beta$, and hence $\Box q_1 \dots q_n \gamma \models \Box r_1 \dots r_n \zeta$ for some disjunct $\Box r_1 \dots r_n \zeta$ of $\beta$. But by using Lemma 4.1.9, we see that this can only happen if $r_1 \dots r_n = q_1 \dots q_n$ and $\gamma = \zeta$, i.e. if $\Box q_1 \dots q_n \gamma$ is a disjunct of $\beta$. This is a contradiction, so we must have $\alpha \not\models \beta$. It follows that the elements of $\Sigma$ are pairwise non-equivalent, and hence that $\varphi'$ possesses a double exponential number of prime implicates.


Theorems 4.1.8 and 4.1.14 suggest that definitions D1 and D2 do not yield

especially interesting approximate notions of prime implicate, as they induce a

significant loss of expressivity without any improvement in the size or number of

prime implicates in the worst-case.

Remark 4.1.15.

The double-exponential lower bounds in this section are pretty frightening, but it should be noted that this kind of result is not altogether uncommon for logics of this expressivity. For example, in [DTR06], it is shown that if one approximates an ALC concept by an ALE concept, the approximated concept may be double-exponentially larger than the original.

4.1.6 Improving the efficiency of GenPI

Our generation algorithm GenPI corresponds to the simplest possible implementation of the Distribution property, and it is quite clear that it does not represent a practicable way for producing prime implicates. One major source of inefficiency is the high number of clauses that are generated, so if we want to design a more efficient algorithm, we need to find ways to generate fewer candidate clauses. There are a couple of different techniques that could be used. One very simple method which could yield a smaller number of clauses is to eliminate from $\Delta(T)$ those elements which are not prime implicates of $T$, thereby decreasing the cardinalities of the $\Delta(T)$ and hence of Candidates. To do this, we simply test whether any of the $\Box$-formulae in $\Delta(T)$ is a tautology (and remove any discovered tautologies from $\Delta(T)$) and then compare the $\Diamond$-literals in $\Delta(T)$, discarding any weaker elements. If we apply this technique to Example 4.1.1, we would remove $\Diamond b$ from $\Delta(T_1)$, thereby reducing the cardinality of Candidates from 20 to 15.

More substantial savings could be achieved by using a technique developed in the framework of propositional logic (cf. discussion in [Mar00]) which consists in calculating the prime implicates of $T_1$, then the prime implicates of $T_1 \vee T_2$, then those of $T_1 \vee T_2 \vee T_3$, and so on until we get the prime implicates of the full disjunction of terms. By interleaving comparison and construction, we can eliminate early on a partial clause that cannot give rise to prime implicates instead of producing all of the extensions of the partial clause and then deleting them one by one during the comparison phase. In Example 4.1.1, there were only two terms, but imagine that there was a third term $T_3$. Then by applying this technique, we would first produce the 5 prime implicates of $T_1 \vee T_2$ and then we would compare the $5|\Delta(T_3)|$ candidate clauses of $T_1 \vee T_2 \vee T_3$. Compare this with the current algorithm which generates and then compares $20|\Delta(T_3)|$ candidate clauses.


Another very simple technique which can be fruitfully combined with the previous one is the following: before forming the different disjunctions of prime implicates of $T_1 \vee \dots \vee T_{k-1}$ and elements from $\Delta(T_k)$, we first check to see whether any prime implicates of $T_1 \vee \dots \vee T_{k-1}$ are already implied by $T_k$; any prime implicate fulfilling this condition is added directly to the set of prime implicates of $T_1 \vee \dots \vee T_k$ and is not used in the construction of candidate prime implicates. The use of this technique helps reduce the number of candidate prime implicates of $T_1 \vee \dots \vee T_k$ which need to be considered, and it also yields prime implicates which have fewer unnecessary disjuncts. We illustrate the previous two techniques on the following example:

Example 4.1.16.

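We would like to generate the prime implicates of the formula $\varphi$ defined as:

$$(a \vee \Box_2\Box_1 d) \wedge (\neg a \vee \Diamond_2(a \wedge b)) \wedge \Box_1((a \vee \Diamond_2\top) \wedge (\Box_2\bot \vee c)) \wedge \Diamond_1(a \wedge \neg c \wedge \Box_2\bot)$$

We begin by using Dnf to rewrite $\varphi$ as an equivalent disjunction of satisfiable terms. We obtain the following three satisfiable terms (a fourth unsatisfiable term is eliminated):

$$T_1 = a \wedge \Diamond_2(a \wedge b) \wedge \Box_1((a \vee \Diamond_2\top) \wedge (\Box_2\bot \vee c)) \wedge \Diamond_1(a \wedge \neg c \wedge \Box_2\bot)$$

$$T_2 = \neg a \wedge \Box_2\Box_1 d \wedge \Box_1((a \vee \Diamond_2\top) \wedge (\Box_2\bot \vee c)) \wedge \Diamond_1(a \wedge \neg c \wedge \Box_2\bot)$$

$$T_3 = \Diamond_2(a \wedge b) \wedge \Box_2\Box_1 d \wedge \Box_1((a \vee \Diamond_2\top) \wedge (\Box_2\bot \vee c)) \wedge \Diamond_1(a \wedge \neg c \wedge \Box_2\bot)$$

We now generate the prime implicates of the first term $T_1$. To do so, we compute the set $\Delta(T_1)$ which is:

$$\{a,\ \Diamond_2(a \wedge b),\ \Box_1((a \vee \Diamond_2\top) \wedge (\Box_2\bot \vee c)),\ \Diamond_1(a \wedge \neg c \wedge \Box_2\bot \wedge (a \vee \Diamond_2\top) \wedge (\Box_2\bot \vee c))\}$$

As the four elements in $\Delta(T_1)$ are all mutually non-implying, they are all prime implicates of $T_1$.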

We next want to compute the prime implicates of the disjunction $T_1 \vee T_2$. For this, we must compute the disjunctions of the prime implicates of $T_1$ (just computed) with elements in the set $\Delta(T_2) =$

$$\{\neg a,\ \Box_2\Box_1 d,\ \Box_1((a \vee \Diamond_2\top) \wedge (\Box_2\bot \vee c)),\ \Diamond_1(a \wedge \neg c \wedge \Box_2\bot \wedge (a \vee \Diamond_2\top) \wedge (\Box_2\bot \vee c))\}$$

We notice, however, that the prime implicates $\Box_1((a \vee \Diamond_2\top) \wedge (\Box_2\bot \vee c))$ and $\Diamond_1(a \wedge \neg c \wedge \Box_2\bot \wedge (a \vee \Diamond_2\top) \wedge (\Box_2\bot \vee c))$ of $T_1$ are both implied by $T_2$, so they are also prime implicates of $T_1 \vee T_2$. We can thus remove from consideration any disjunctions built using these prime implicates. By combining the remaining two prime implicates of $T_1$ with the elements in $\Delta(T_2)$, we obtain 8 candidate prime implicates. The candidate $a \vee \neg a$ is a tautology and hence is removed in the comparison phase. The three candidates which have either $\Box_1((a \vee \Diamond_2\top) \wedge (\Box_2\bot \vee c))$ or $\Diamond_1(a \wedge \neg c \wedge \Box_2\bot \wedge (a \vee \Diamond_2\top) \wedge (\Box_2\bot \vee c))$ as a disjunct will also be removed as they are logically weaker than the two prime implicates already identified. After elimination of weaker elements, there are three remaining candidates $a \vee \Box_2\Box_1 d$, $\Diamond_2(a \wedge b) \vee \neg a$, and $\Diamond_2(a \wedge b) \vee \Box_2\Box_1 d$, which are all prime implicates of $T_1 \vee T_2$.

Finally, we are ready to compute the prime implicates of the entire disjunction $T_1 \vee T_2 \vee T_3$. Normally this would involve disjoining the prime implicates of $T_1 \vee T_2$ with the elements in the set $\Delta(T_3)$. However, we remark that each of the prime implicates of $T_1 \vee T_2$ is implied by $T_3$, so the prime implicates of $\varphi \equiv T_1 \vee T_2 \vee T_3$ are exactly the same as those of $T_1 \vee T_2$ (as one would expect since $T_1 \vee T_2 \equiv T_1 \vee T_2 \vee T_3$). We thus find that $\varphi$ has 5 prime implicates (modulo equivalence), which are: $a \vee \Box_2\Box_1 d$, $\Diamond_2(a \wedge b) \vee \neg a$, $\Diamond_2(a \wedge b) \vee \Box_2\Box_1 d$, $\Box_1((a \vee \Diamond_2\top) \wedge (\Box_2\bot \vee c))$ and $\Diamond_1(a \wedge \neg c \wedge \Box_2\bot \wedge (a \vee \Diamond_2\top) \wedge (\Box_2\bot \vee c))$.

Given that the number of elements in Candidates can be double exponential in the length of the input formula, another strategy for improving the efficiency of our algorithm is to try to reduce the size of the input. For instance, a natural idea would be to break conjunctions of formulae into their conjuncts, and then calculate the prime implicates of each of the conjuncts. Unfortunately, however, we cannot apply this method to every formula as the prime implicates of the conjuncts are not necessarily prime implicates of the full conjunction. One solution which was proposed in the context of approximation of description logic concepts (cf. [BT02], [TB07]) is to identify simple syntactic conditions that guarantee that we will get the same result if we break the formula into its conjuncts. For instance, one possible condition is that the conjuncts do not share any propositional variables. The formula $\varphi$ from Example 4.1.1 satisfies this condition since the signatures of the conjuncts $a$, $(\Diamond_1(b \wedge c) \wedge \Diamond_1 b) \vee (\Diamond_1 b \wedge \Diamond_1(c \vee d) \wedge \Box_1 e \wedge \Box_1 f)$ and $\Box_2\bot$ are all disjoint. By generating the prime implicates of the conjuncts separately, we can directly identify the prime implicates $a$ and $\Box_2\bot$, and we only have 6 candidate clauses of $(\Diamond_1(b \wedge c) \wedge \Diamond_1 b) \vee (\Diamond_1 b \wedge \Diamond_1(c \vee d) \wedge \Box_1 e \wedge \Box_1 f)$ to compare. If we also remove weaker elements from the $\Delta(T_i)$ as suggested above, we get only 3 candidate clauses for $(\Diamond_1(b \wedge c) \wedge \Diamond_1 b) \vee (\Diamond_1 b \wedge \Diamond_1(c \vee d) \wedge \Box_1 e \wedge \Box_1 f)$, all of which are prime implicates of $\varphi$.

Another important source of inefficiency in our algorithm is the comparison phase in which we compare all candidate clauses one-by-one in order to identify the strongest ones. The problem with this is of course that in the worst-case there can be a double exponential number of candidate clauses, simply because there may be double-exponentially many distinct prime implicates, and each prime implicate must be equivalent to some candidate clause. Keeping all of these double-exponentially many clauses in memory will generally not be feasible. Fortunately, however, it is not necessary to keep all of the candidate clauses in memory at once since we can generate them on demand from the sets $\Delta(T)$. Indeed, as we demonstrate in the following theorem, by implementing our algorithm in a more clever fashion, we obtain an algorithm which outputs the prime implicates iteratively while requiring only single exponential space (the output of the algorithm could of course be double-exponentially large because of Theorem 4.1.13).

Theorem 4.1.17.

There exists an algorithm which runs in single exponential space in the size of the

input and incrementally outputs, without duplicates, the set of prime implicates of

the input formula.

Proof. Let the sets $\mathcal{T}$ and Candidates and the function $\Delta$ be defined as in Figure 4.1. We assume that $\mathcal{T}$ is ordered: $\mathcal{T} = \{T_1, \dots, T_n\}$. For each $T_i \in \mathcal{T}$, we let $max_i$ denote the number of elements in $\Delta(T_i)$, and we assume an ordering on the elements of $\Delta(T_i)$: $\Delta(T_i) = \{\tau_{i,1}, \dots, \tau_{i,max_i}\}$. Notice that the tuples in $\{1, \dots, max_1\} \times \dots \times \{1, \dots, max_n\}$ can be ordered using the standard lexicographic ordering $<_{lex}$: $(a_1, \dots, a_n) <_{lex} (b_1, \dots, b_n)$ if and only if there is some $1 \le j \le n$ such that $a_j < b_j$ and $a_k \le b_k$ for all $1 \le k \le j-1$. Now set $maxindex = \prod_{i=1}^{n} max_i$, and let $f : \{1, \dots, max_1\} \times \dots \times \{1, \dots, max_n\} \to \{1, \dots, maxindex\}$ be the bijection defined as follows: $f(a_1, \dots, a_n) = m$ if and only if $(a_1, \dots, a_n)$ is the $m$-th tuple in the lexicographic ordering of $\{1, \dots, max_1\} \times \dots \times \{1, \dots, max_n\}$. We will denote by $\lambda_m$ the unique clause of form $\tau_{1,a_1} \vee \dots \vee \tau_{n,a_n}$ such that $f(a_1, \dots, a_n) = m$. We remark that given an index $m \in \{1, \dots, maxindex\}$ and the sets $\Delta(T_1), \dots, \Delta(T_n)$, it is possible to generate in polynomial space (in the size of the sets $\Delta(T_1), \dots, \Delta(T_n)$) the clause $\lambda_m$. We make use of this fact in our modified version of algorithm GenPI, which is obtained from GenPI by replacing Steps 3 and 4 with the following:

(3') For $i = 1$ to $maxindex$: if Entails($\lambda_j$, $\lambda_i$)=no for all $j < i$ and either Entails($\lambda_j$, $\lambda_i$)=no or Entails($\lambda_i$, $\lambda_j$)=yes for every $i < j \le maxindex$, then output $\lambda_i$.

The proofs of termination, correctness, and completeness of this modified version of GenPI are very similar to corresponding results for the original version (Theorem 4.1.4), so we will omit the details. We will instead focus on the modified algorithm's spatial complexity. The first step clearly runs in single-exponential space in $|\varphi|$, since deciding the satisfiability of $\varphi$ takes only polynomial space in $|\varphi|$, and generating the elements in Dnf($\varphi$) takes at most single exponential space in $|\varphi|$ (refer to Theorems 2.4.6 and 2.4.7). Step 2 also uses no more than single exponential space in $|\varphi|$, since each of the sets $\Delta(T_i)$ associated with a term $T_i \in \mathcal{T}$ has polynomial size in $T_i$. Finally, for Step 3', we use the above observation that the generation of a given $\lambda_i$ from its index $i$ can be done in polynomial space in the size of the sets $\Delta(T_1), \dots, \Delta(T_n)$, and hence in single exponential space in $|\varphi|$. This is sufficient since for the comparisons in Step 3', we only need to keep two candidate clauses in memory at any one time, and deciding whether one candidate clause entails another can be accomplished in single-exponential space since both clauses have single exponential size in $|\varphi|$, and entailment in $K_n$ can be done in polynomial space in the size of the input formulae (Corollary 2.5.9).
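The following sketch of Step 3' is an added example, not code from the thesis. It assumes the propositional restriction of the problem: each term is a set of literals, $\Delta(T)$ is taken to be that set of literals, and Entails is decided by clause subsumption; the names `clause_at`, `entails` and `prime_implicates` are hypothetical.

```python
from math import prod


def negate(lit):
    """Literals are strings; '~a' is the negation of 'a'."""
    return lit[1:] if lit.startswith("~") else "~" + lit


def is_tautology(clause):
    return any(negate(lit) in clause for lit in clause)


def entails(c1, c2):
    """Entails(c1, c2) for propositional clauses (frozensets of literals).

    Assumption of this example: in the propositional case a clause entails
    another iff the second is a tautology, or the first is a non-tautologous
    subset of the second.
    """
    if is_tautology(c2):
        return True
    return not is_tautology(c1) and c1 <= c2


def clause_at(m, deltas):
    """Build lambda_m from its 1-based index m alone.

    The index is decoded as a mixed-radix number whose most significant digit
    selects the element of Delta(T_1), which is exactly the position of the
    tuple (a_1, ..., a_n) in the lexicographic ordering. No table of
    candidates is ever stored.
    """
    m -= 1
    picks = []
    for delta in reversed(deltas):
        m, a = divmod(m, len(delta))
        picks.append(delta[a])
    return frozenset(picks)


def prime_implicates(terms):
    """Step 3': yield prime implicates one by one, without duplicates.

    At most two candidate clauses are held in memory at any time; every other
    candidate is regenerated from its index when it is needed.
    """
    deltas = [sorted(term) for term in terms]  # fixed ordering on each Delta(T_i)
    maxindex = prod(len(delta) for delta in deltas)
    for i in range(1, maxindex + 1):
        lam_i = clause_at(i, deltas)
        # An earlier candidate entailing lambda_i is either strictly stronger
        # or an equivalent clause that is output in its place.
        if any(entails(clause_at(j, deltas), lam_i) for j in range(1, i)):
            continue
        # A later candidate may entail lambda_i only if it is equivalent to it.
        if all(
            not entails(lam_j, lam_i) or entails(lam_i, lam_j)
            for lam_j in (clause_at(j, deltas) for j in range(i + 1, maxindex + 1))
        ):
            yield lam_i


if __name__ == "__main__":
    # Constructed input: the DNF (a AND b) OR (NOT a AND c).
    for clause in prime_implicates([{"a", "b"}, {"~a", "c"}]):
        print(" v ".join(sorted(clause)))
```

Each candidate is still compared against every other candidate, so the number of entailment tests grows with the square of $maxindex$; only the memory footprint is reduced.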

Although the modified algorithm outlined in the proof of Theorem 4.1.17 has a

much better spatial complexity than the original, it still does not yield a practicable

means for generating prime implicates. The reason is that we still need to compare

each of the candidate clauses against all the other candidate clauses in order to

decide whether a candidate clause is a prime implicate or not. Given that there

may be double-exponentially many candidate clauses, this means that our algorithm

may need to perform double-exponentially many entailment tests before producing

even a single prime implicate. A much more promising approach would be to test

directly whether or not a candidate clause is a prime implicate without considering

all of the other candidate clauses. In order to implement such an approach, we

must come up with a procedure for determining whether or not a given clause is a

prime implicate. This will be our objective in the following section.

4.2 Prime Implicate Recognition

The focus of this section is the problem of recognizing prime implicates, that is, the problem of deciding whether a given clause is a prime implicate of a given formula. This problem is of central importance, as any algorithm for generating prime implicates must contain (implicitly or explicitly) some mechanism for ensuring that the generated clauses are indeed prime implicates.


4.2.1 Lower bound

In propositional logic, prime implicate recognition is $BH_2$-complete [Mar00], being as hard as both satisfiability and deduction. In $K_n$, satisfiability, unsatisfiability, and deduction are all Pspace-complete, so we cannot hope to find a prime implicate recognition algorithm with a complexity of less than Pspace.

Theorem 4.2.1.

Prime implicate recognition is Pspace-hard.

Proof. The reduction is simple: a formula $\varphi$ is unsatisfiable if and only if $\bot$ is a prime implicate of $\varphi$. This suffices as the problem of checking the unsatisfiability of formulae in $K_n$ is known to be Pspace-complete.

4.2.2 Naïve approach

In order to obtain a first upper bound, we can exploit Theorem 4.1.6 which tells us that there exists a polynomial function $f$ such that the length of the smallest clausal representation of a prime implicate of a formula $\varphi$ is bounded by $2^{f(|\varphi|)}$. This leads to a simple exponential-space procedure for determining if a clause $\lambda$ is a prime implicate of a formula $\varphi$: we simply check for every clause $\lambda'$ of length at most $2^{f(|\varphi|)}$ whether $\lambda'$ is an implicate of $\varphi$ which implies $\lambda$ but is not implied by $\lambda$.

Theorem 4.2.2.

Prime implicate recognition is in Expspace.

Proof. Consider the following algorithm for determining whether a clause $\lambda$ is a prime implicate of $\varphi$: check for each clause $\lambda'$ of length at most $2^{|\varphi|} \cdot 2|\varphi| + (2^{|\varphi|} - 1)$ which is an implicate of $\varphi$ whether both Entails($\lambda'$, $\lambda$)=yes and Entails($\lambda$, $\lambda'$)=no. If there is some $\lambda'$ satisfying these conditions, return no, otherwise return yes. Notice that if this algorithm returns yes, then there is no implicate of length at most $2^{|\varphi|} \cdot 2|\varphi| + (2^{|\varphi|} - 1)$ that is strictly stronger than $\lambda$, and hence by Theorem 4.1.6 no strictly stronger implicate of any length, making $\lambda$ a prime implicate. If the algorithm returns no, then we have found a clause implied by $\varphi$ which is strictly stronger than $\lambda$, so $\lambda$ is not a prime implicate. The algorithm is thus both correct and complete. As the algorithm consists solely in testing the satisfiability and unsatisfiability of formulae having length at most single exponential in $|\varphi| + |\lambda|$, and both tasks can be accomplished in polynomial space in the size of the input (by Theorem 2.5.7), the algorithm can be executed in exponential space.


4.2.3 Decomposition theorem

Of course, the problem with the naïve approach just presented is that it doesn't take into account the structure of $\lambda$, so we end up comparing a huge amount of irrelevant clauses, which is exactly what we were hoping to avoid. The algorithm that we propose later in this chapter avoids this problem by exploiting the information in the input formula and clause in order to cut down on the number of clauses to test. The key to our algorithm is the following theorem which shows us how the general problem of prime implicate recognition can be decomposed into the more specialized tasks of prime implicate recognition for propositional formulae, $\Box$-formulae, and $\Diamond$-formulae.

To simplify the presentation of the theorem, we let $\Pi(\varphi)$ refer to the set of prime implicates of $\varphi$, and we use the notation $\lambda \setminus \{l_1, \dots, l_n\}$ to refer to the clause obtained by removing each of the literals $l_i$ from $\lambda$. For example $(a \vee b \vee e \vee \Diamond c) \setminus \{a, \Diamond c\}$ refers to the clause $b \vee e$.

Theorem 4.2.3.

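Let $\varphi$ be a formula of $K_n$, and let $\lambda =$

$$\gamma_1 \vee \dots \vee \gamma_k \vee \bigvee_{i=1}^{n} (\Diamond_i\psi_{i,1} \vee \dots \vee \Diamond_i\psi_{i,l_i} \vee \Box_i\chi_{i,1} \vee \dots \vee \Box_i\chi_{i,m_i})$$

($\gamma_1 \vee \dots \vee \gamma_k$ propositional) be a non-tautologous clause such that (a) $\chi_{i,j} \equiv \chi_{i,j} \vee \psi_{i,1} \vee \dots \vee \psi_{i,l_i}$ for all $1 \le i \le n$ and $1 \le j \le m_i$, and (b) there is no literal $l$ in $\lambda$ such that $\lambda \equiv \lambda \setminus \{l\}$. Then $\lambda \in \Pi(\varphi)$ if and only if the following conditions hold:

1. $\gamma_1 \vee \dots \vee \gamma_k \in \Pi(\varphi \wedge \neg(\lambda \setminus \{\gamma_1, \dots, \gamma_k\}))$

2. $\Box_i(\chi_{i,j} \wedge \neg\psi_{i,1} \wedge \dots \wedge \neg\psi_{i,l_i}) \in \Pi(\varphi \wedge \neg(\lambda \setminus \{\Box_i\chi_{i,j}\}))$ for every $1 \le i \le n$ and $1 \le j \le m_i$

3. $\Diamond_i(\psi_{i,1} \vee \dots \vee \psi_{i,l_i}) \in \Pi(\varphi \wedge \neg(\lambda \setminus \{\Diamond_i\psi_{i,1}, \dots, \Diamond_i\psi_{i,l_i}\}))$ for every $1 \le i \le n$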

For the proof of Theorem 4.2.3, we will require the following two lemmas:

Lemma 4.2.4.

Let $\varphi$ be a formula of $K_n$, and let $\lambda =$

$$\gamma_1 \vee \dots \vee \gamma_k \vee \bigvee_{i=1}^{n} (\Diamond_i\psi_{i,1} \vee \dots \vee \Diamond_i\psi_{i,l_i} \vee \Box_i\chi_{i,1} \vee \dots \vee \Box_i\chi_{i,m_i})$$

be a non-tautologous clause such that $\gamma_1 \vee \dots \vee \gamma_k$ is a propositional clause. Suppose furthermore that there is no literal $l$ in $\lambda$ such that $\lambda \equiv \lambda \setminus \{l\}$. If $\gamma_1 \vee \dots \vee \gamma_k \notin \Pi(\varphi \wedge \neg(\lambda \setminus \{\gamma_1, \dots, \gamma_k\}))$, or $\Diamond_i(\psi_{i,1} \vee \dots \vee \psi_{i,l_i}) \notin \Pi(\varphi \wedge \neg(\lambda \setminus \{\Diamond_i\psi_{i,1}, \dots, \Diamond_i\psi_{i,l_i}\}))$ for some $i$, or $\Box_i(\chi_{i,j} \wedge \neg\psi_{i,1} \wedge \dots \wedge \neg\psi_{i,l_i}) \notin \Pi(\varphi \wedge \neg(\lambda \setminus \{\Box_i\chi_{i,j}\}))$ for some $i$ and $j$, then $\lambda \notin \Pi(\varphi)$.

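Proof. We will only consider the case where $\varphi \models \lambda$ because if $\varphi \not\models \lambda$ then we immediately get $\lambda \notin \Pi(\varphi)$.

Let us first suppose that $\gamma_1 \vee \dots \vee \gamma_k \notin \Pi(\varphi \wedge \neg(\lambda \setminus \{\gamma_1, \dots, \gamma_k\}))$. Since $\varphi \models \lambda$, we must also have $\varphi \wedge \neg(\lambda \setminus \{\gamma_1, \dots, \gamma_k\}) \models \gamma_1 \vee \dots \vee \gamma_k$, so $\gamma_1 \vee \dots \vee \gamma_k$ is an implicate of $\varphi \wedge \neg(\lambda \setminus \{\gamma_1, \dots, \gamma_k\})$. As $\gamma_1 \vee \dots \vee \gamma_k$ is known not to be a prime implicate of $\varphi \wedge \neg(\lambda \setminus \{\gamma_1, \dots, \gamma_k\})$, it follows that there must be some clause $\lambda'$ such that $\varphi \wedge \neg(\lambda \setminus \{\gamma_1, \dots, \gamma_k\}) \models \lambda' \models \gamma_1 \vee \dots \vee \gamma_k \not\models \lambda'$. Now consider the clause $\lambda'' = \lambda' \vee \bigvee_{i=1}^{n} (\Diamond_i\psi_{i,1} \vee \dots \vee \Diamond_i\psi_{i,l_i} \vee \Box_i\chi_{i,1} \vee \dots \vee \Box_i\chi_{i,m_i})$. We know that $\varphi \models \lambda''$ since $\varphi \wedge \neg(\lambda \setminus \{\gamma_1, \dots, \gamma_k\}) \models \lambda'$, and that $\lambda'' \models \lambda$ because $\lambda' \models \gamma_1 \vee \dots \vee \gamma_k$. We also have $\lambda \not\models \lambda''$ since $\lambda'$ must be equivalent to a propositional clause (by Theorem 2.3.2) and the propositional part of $\lambda$ (namely $\gamma_1 \vee \dots \vee \gamma_k$) does not imply $\lambda'$. It follows then that $\varphi \models \lambda'' \models \lambda \not\models \lambda''$, so $\lambda \notin \Pi(\varphi)$.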

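Next suppose that $\Diamond_s(\psi_{s,1} \vee \dots \vee \psi_{s,l_s}) \notin \Pi(\varphi \wedge \neg(\lambda \setminus \{\Diamond_s\psi_{s,1}, \dots, \Diamond_s\psi_{s,l_s}\}))$. Now $\Diamond_s(\psi_{s,1} \vee \dots \vee \psi_{s,l_s})$ must be an implicate of $\varphi \wedge \neg(\lambda \setminus \{\Diamond_s\psi_{s,1}, \dots, \Diamond_s\psi_{s,l_s}\})$ since we have assumed that $\varphi \models \lambda$. As $\Diamond_s(\psi_{s,1} \vee \dots \vee \psi_{s,l_s})$ is not a prime implicate of $\varphi \wedge \neg(\lambda \setminus \{\Diamond_s\psi_{s,1}, \dots, \Diamond_s\psi_{s,l_s}\})$, it follows that there is some $\lambda'$ such that $\varphi \wedge \neg(\lambda \setminus \{\Diamond_s\psi_{s,1}, \dots, \Diamond_s\psi_{s,l_s}\}) \models \lambda' \models \Diamond_s(\psi_{s,1} \vee \dots \vee \psi_{s,l_s}) \not\models \lambda'$. Set $\lambda''$ equal to

$$\gamma_1 \vee \dots \vee \gamma_k \vee \lambda' \vee \bigvee_{1 \le i \le n,\ i \ne s} (\Diamond_i\psi_{i,1} \vee \dots \vee \Diamond_i\psi_{i,l_i}) \vee \bigvee_{i=1}^{n} (\Box_i\chi_{i,1} \vee \dots \vee \Box_i\chi_{i,m_i})$$

Because of Theorem 2.3.2, we know that $\lambda'$ is a disjunction of $\Diamond$-literals, so according to Theorem 2.3.3 we must have $\lambda \not\models \lambda''$ since $\Diamond_s(\psi_{s,1} \vee \dots \vee \psi_{s,l_s}) \not\models \lambda'$. We also know that $\varphi \models \lambda''$ since $\varphi \wedge \neg(\lambda \setminus \{\Diamond_s\psi_{s,1}, \dots, \Diamond_s\psi_{s,l_s}\}) \models \lambda'$ and that $\lambda'' \models \lambda$ since $\lambda' \models \Diamond_s(\psi_{s,1} \vee \dots \vee \psi_{s,l_s})$. That means that $\varphi \models \lambda'' \models \lambda \not\models \lambda''$, so $\lambda \notin \Pi(\varphi)$.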

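Finally consider the case where $\Box_s(\chi_{s,t} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s}) \notin \Pi(\varphi \wedge \neg(\lambda \setminus \{\Box_s\chi_{s,t}\}))$. We know that $\varphi \models \lambda$ and hence that $\varphi \wedge \neg(\lambda \setminus \{\Box_s\chi_{s,t}\}) \models \Box_s\chi_{s,t}$. Moreover, since $\neg(\lambda \setminus \{\Box_s\chi_{s,t}\}) \models \neg\Diamond_s\psi_{s,j}$ for all $1 \le j \le l_s$, we have $\varphi \wedge \neg(\lambda \setminus \{\Box_s\chi_{s,t}\}) \models \Box_s(\chi_{s,t} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s})$. Thus, if $\Box_s(\chi_{s,t} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s}) \notin \Pi(\varphi \wedge \neg(\lambda \setminus \{\Box_s\chi_{s,t}\}))$, it must mean that there is some $\lambda'$ such that $\varphi \wedge \neg(\lambda \setminus \{\Box_s\chi_{s,t}\}) \models \lambda' \models \Box_s(\chi_{s,t} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s}) \not\models \lambda'$. By assumption, $\lambda$ is not a tautology, so $\Box_s(\chi_{s,t} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s})$ cannot be a tautology either. As $\lambda' \models \Box_s(\chi_{s,t} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s})$ and $\Box_s(\chi_{s,t} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s})$ is not a tautology, it follows from Theorem 2.3.2 that $\lambda'$ is equivalent to some formula $\Box_s\zeta_1 \vee \dots \vee \Box_s\zeta_p$. Now let $\lambda'' =$

$$\gamma_1 \vee \dots \vee \gamma_k \vee \bigvee_{i=1}^{n} (\Diamond_i\psi_{i,1} \vee \dots \vee \Diamond_i\psi_{i,l_i}) \vee \Big(\lambda' \vee \bigvee_{1 \le j \le m_s,\ j \ne t} \Box_s\chi_{s,j}\Big) \vee \bigvee_{1 \le i \le n,\ i \ne s} (\Box_i\chi_{i,1} \vee \dots \vee \Box_i\chi_{i,m_i})$$

As $\varphi \wedge \neg(\lambda \setminus \{\Box_s\chi_{s,t}\}) \models \Box_s\zeta_1 \vee \dots \vee \Box_s\zeta_p$, it must be the case that $\varphi \models \lambda''$. Also, we know that there can be no $q$ such that $\chi_{s,t} \models \zeta_q \vee \psi_{s,1} \vee \dots \vee \psi_{s,l_s}$ because otherwise we would have $\chi_{s,t} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s} \models \zeta_q$ and hence $\Box_s(\chi_{s,t} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s}) \models \Box_s\zeta_1 \vee \dots \vee \Box_s\zeta_p$. Similarly, there can be no $q \ne t$ such that $\chi_{s,t} \models \chi_{s,q} \vee \psi_{s,1} \vee \dots \vee \psi_{s,l_s}$ because this would mean that $\lambda \equiv \lambda \setminus \{\Box_s\chi_{s,t}\}$, contradicting our assumption that there are no superfluous disjuncts in $\lambda$. It follows then by Theorem 2.3.3 that $\lambda \not\models \lambda''$. Thus, $\varphi \models \lambda'' \models \lambda \not\models \lambda''$, which means $\lambda \notin \Pi(\varphi)$.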

Lemma 4.2.5.

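Let $\varphi$ be a formula of $K_n$, and let $\lambda =$

$$\gamma_1 \vee \dots \vee \gamma_k \vee \bigvee_{i=1}^{n} (\Diamond_i\psi_{i,1} \vee \dots \vee \Diamond_i\psi_{i,l_i} \vee \Box_i\chi_{i,1} \vee \dots \vee \Box_i\chi_{i,m_i})$$

be a non-tautologous clause such that $\gamma_1 \vee \dots \vee \gamma_k$ is a propositional clause. Suppose furthermore that there is no literal $l$ in $\lambda$ such that $\lambda \equiv \lambda \setminus \{l\}$. Then if $\lambda \notin \Pi(\varphi)$, either $\gamma_1 \vee \dots \vee \gamma_k \notin \Pi(\varphi \wedge \neg(\lambda \setminus \{\gamma_1, \dots, \gamma_k\}))$, or

$$\Diamond_s(\psi_{s,1} \vee \dots \vee \psi_{s,l_s}) \notin \Pi\Big(\varphi \wedge \neg\Big(\gamma_1 \vee \dots \vee \gamma_k \vee (\Box_s(\chi_{s,1} \vee \psi_{s,1} \vee \dots \vee \psi_{s,l_s}) \vee \dots \vee \Box_s(\chi_{s,m_s} \vee \psi_{s,1} \vee \dots \vee \psi_{s,l_s})) \vee \bigvee_{1 \le i \le n,\ i \ne s} (\Diamond_i\psi_{i,1} \vee \dots \vee \Diamond_i\psi_{i,l_i} \vee \Box_i\chi_{i,1} \vee \dots \vee \Box_i\chi_{i,m_i})\Big)\Big)$$

for some $s$, or $\Box_i(\chi_{i,j} \wedge \neg\psi_{i,1} \wedge \dots \wedge \neg\psi_{i,l_i}) \notin \Pi(\varphi \wedge \neg(\lambda \setminus \{\Box_i\chi_{i,j}\}))$ for some $i$ and $j$.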

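Proof. We will only consider the case where $\varphi \models \lambda$ because if $\varphi \not\models \lambda$ then we immediately get the result. Suppose then that $\lambda \notin \Pi(\varphi)$ and $\varphi \models \lambda$. By Definition 3.2.1, there must be some $\lambda' = \gamma'_1 \vee \dots \vee \gamma'_o \vee \bigvee_{i=1}^{n} (\Diamond_i\psi'_{i,1} \vee \dots \vee \Diamond_i\psi'_{i,p_i} \vee \Box_i\chi'_{i,1} \vee \dots \vee \Box_i\chi'_{i,q_i})$ such that $\varphi \models \lambda' \models \lambda \not\models \lambda'$. Since $\lambda \not\models \lambda'$, by Proposition 2.3.3 we know that either $\gamma_1 \vee \dots \vee \gamma_k \not\models \gamma'_1 \vee \dots \vee \gamma'_o$, or $\psi_{s,1} \vee \dots \vee \psi_{s,l_s} \not\models \psi'_{s,1} \vee \dots \vee \psi'_{s,p_s}$ for some $s$, or for some $s$ and $t$ we have $\chi_{s,t} \not\models \chi'_{s,u} \vee \psi'_{s,1} \vee \dots \vee \psi'_{s,p_s}$ for all $u$.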

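We begin with the case where $\gamma_1 \vee \dots \vee \gamma_k \not\models \gamma'_1 \vee \dots \vee \gamma'_o$. As $\lambda' \models \lambda$ and $\not\models \lambda$, by Theorem 2.3.3, we know that for every $1 \le i \le n$: $\psi'_{i,1} \vee \dots \vee \psi'_{i,p_i} \models \psi_{i,1} \vee \dots \vee \psi_{i,l_i}$ and for every $1 \le u \le q_i$ there is some $1 \le v \le m_i$ such that $\chi'_{i,u} \models \psi_{i,1} \vee \dots \vee \psi_{i,l_i} \vee \chi_{i,v}$. It follows then (also by Theorem 2.3.3) that $\varphi \models \lambda' \models \gamma'_1 \vee \dots \vee \gamma'_o \vee \bigvee_{i=1}^{n} (\Diamond_i\psi_{i,1} \vee \dots \vee \Diamond_i\psi_{i,l_i} \vee \Box_i\chi_{i,1} \vee \dots \vee \Box_i\chi_{i,m_i})$, and hence that $\varphi \wedge \neg(\lambda \setminus \{\gamma_1, \dots, \gamma_k\}) \models \gamma'_1 \vee \dots \vee \gamma'_o$. As $\gamma'_1 \vee \dots \vee \gamma'_o \models \gamma_1 \vee \dots \vee \gamma_k \not\models \gamma'_1 \vee \dots \vee \gamma'_o$, we have found an implicate of $\varphi \wedge \neg(\lambda \setminus \{\gamma_1, \dots, \gamma_k\})$ which is stronger than $\gamma_1 \vee \dots \vee \gamma_k$, so $\gamma_1 \vee \dots \vee \gamma_k \notin \Pi(\varphi \wedge \neg(\lambda \setminus \{\gamma_1, \dots, \gamma_k\}))$.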


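Next suppose that $\psi_{s,1} \vee \dots \vee \psi_{s,l_s} \not\models \psi'_{s,1} \vee \dots \vee \psi'_{s,p_s}$. As $\lambda' \models \lambda$ and $\not\models \lambda$, it follows from Theorem 2.3.3 that $\gamma'_1 \vee \dots \vee \gamma'_o \models \gamma_1 \vee \dots \vee \gamma_k$ and for every $1 \le i \le n$: $\psi'_{i,1} \vee \dots \vee \psi'_{i,p_i} \models \psi_{i,1} \vee \dots \vee \psi_{i,l_i}$ and for every $1 \le u \le q_i$ there is some $1 \le v \le m_i$ such that $\chi'_{i,u} \models \psi_{i,1} \vee \dots \vee \psi_{i,l_i} \vee \chi_{i,v}$. We thereby obtain

$$\varphi \models \lambda' \models \gamma_1 \vee \dots \vee \gamma_k \vee (\Diamond_s\psi'_{s,1} \vee \dots \vee \Diamond_s\psi'_{s,p_s}) \vee (\Box_s(\chi_{s,1} \vee \psi_{s,1} \vee \dots \vee \psi_{s,l_s}) \vee \dots \vee \Box_s(\chi_{s,m_s} \vee \psi_{s,1} \vee \dots \vee \psi_{s,l_s})) \vee \bigvee_{1 \le i \le n,\ i \ne s} (\Diamond_i\psi_{i,1} \vee \dots \vee \Diamond_i\psi_{i,l_i} \vee \Box_i\chi_{i,1} \vee \dots \vee \Box_i\chi_{i,m_i})$$

From this, we can infer that

$$\varphi \wedge \neg\Big(\gamma_1 \vee \dots \vee \gamma_k \vee (\Box_s(\chi_{s,1} \vee \psi_{s,1} \vee \dots \vee \psi_{s,l_s}) \vee \dots \vee \Box_s(\chi_{s,m_s} \vee \psi_{s,1} \vee \dots \vee \psi_{s,l_s})) \vee \bigvee_{1 \le i \le n,\ i \ne s} (\Diamond_i\psi_{i,1} \vee \dots \vee \Diamond_i\psi_{i,l_i} \vee \Box_i\chi_{i,1} \vee \dots \vee \Box_i\chi_{i,m_i})\Big)$$

$$\models \Diamond_s\psi'_{s,1} \vee \dots \vee \Diamond_s\psi'_{s,p_s} \models \Diamond_s\psi_{s,1} \vee \dots \vee \Diamond_s\psi_{s,l_s} \not\models \Diamond_s\psi'_{s,1} \vee \dots \vee \Diamond_s\psi'_{s,p_s}$$

As $\Diamond_s\psi_{s,1} \vee \dots \vee \Diamond_s\psi_{s,l_s} \equiv \Diamond_s(\psi_{s,1} \vee \dots \vee \psi_{s,l_s})$, it follows that

$$\Diamond_s(\psi_{s,1} \vee \dots \vee \psi_{s,l_s}) \notin \Pi\Big(\varphi \wedge \neg\Big(\gamma_1 \vee \dots \vee \gamma_k \vee (\Box_s(\chi_{s,1} \vee \psi_{s,1} \vee \dots \vee \psi_{s,l_s}) \vee \dots \vee \Box_s(\chi_{s,m_s} \vee \psi_{s,1} \vee \dots \vee \psi_{s,l_s})) \vee \bigvee_{1 \le i \le n,\ i \ne s} (\Diamond_i\psi_{i,1} \vee \dots \vee \Diamond_i\psi_{i,l_i} \vee \Box_i\chi_{i,1} \vee \dots \vee \Box_i\chi_{i,m_i})\Big)\Big).$$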

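Finally suppose that $\chi_{s,t} \not\models \chi'_{s,u} \vee \psi'_{s,1} \vee \dots \vee \psi'_{s,p_s}$ for all $u$ and furthermore that $\psi_{i,1} \vee \dots \vee \psi_{i,l_i} \models \psi'_{i,1} \vee \dots \vee \psi'_{i,p_i}$ for all $1 \le i \le n$ (we have already shown the result holds whenever $\psi_{i,1} \vee \dots \vee \psi_{i,l_i} \not\models \psi'_{i,1} \vee \dots \vee \psi'_{i,p_i}$ for some $i$). Now $\Box_s(\chi_{s,t} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s})$ is an implicate of $\varphi \wedge \neg(\lambda \setminus \{\Box_s\chi_{s,t}\})$ so to show that $\Box_s(\chi_{s,t} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s})$ is not a prime implicate of $\varphi \wedge \neg(\lambda \setminus \{\Box_s\chi_{s,t}\})$, we must find some stronger implicate. Set $S = \{v \in \{1, \dots, q_s\} : \chi'_{s,v} \models \chi_{s,t} \vee \psi_{s,1} \vee \dots \vee \psi_{s,l_s}$ and $\chi'_{s,v} \not\models \chi_{s,w} \vee \psi_{s,1} \vee \dots \vee \psi_{s,l_s}$ for $w \ne t\}$. We note that there must be at least one element in $S$ as we have assumed $\varphi \not\models \lambda \setminus \{\Box_s\chi_{s,t}\}$. We also know that:

• $\gamma'_1 \vee \dots \vee \gamma'_o \models \gamma_1 \vee \dots \vee \gamma_k$

• for every $1 \le i \le n$: $\psi'_{i,1} \vee \dots \vee \psi'_{i,p_i} \models \psi_{i,1} \vee \dots \vee \psi_{i,l_i}$

• for every $i \ne s$ and $1 \le v \le q_i$: there is some $w$ such that $\chi'_{i,v} \models \chi_{i,w} \vee \psi_{i,1} \vee \dots \vee \psi_{i,l_i}$

• for every $1 \le v \le q_s$ with $v \notin S$: there is some $w \ne t$ such that $\chi'_{s,v} \models \chi_{s,w} \vee \psi_{s,1} \vee \dots \vee \psi_{s,l_s}$

• for every $v \in S$: $\chi'_{s,v} \models \chi'_{s,v}$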


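From these statements, we get that

$$\varphi \models \lambda' \models \gamma_1 \vee \dots \vee \gamma_k \vee \bigvee_{i=1}^{n} (\Diamond_i\psi_{i,1} \vee \dots \vee \Diamond_i\psi_{i,l_i}) \vee \bigvee_{1 \le i \le n,\ i \ne s} (\Box_i\chi_{i,1} \vee \dots \vee \Box_i\chi_{i,m_i}) \vee \bigvee_{1 \le w \le m_s,\ w \ne t} \Box_s\chi_{s,w} \vee \bigvee_{v \in S} \Box_s\chi'_{s,v}$$

It follows that $\varphi \wedge \neg(\lambda \setminus \{\Box_s\chi_{s,t}\}) \models \bigvee_{v \in S} \Box_s(\chi'_{s,v} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s})$, which means that $\bigvee_{v \in S} \Box_s(\chi'_{s,v} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s})$ is an implicate of $\varphi \wedge \neg(\lambda \setminus \{\Box_s\chi_{s,t}\})$. Moreover, $\bigvee_{v \in S} \Box_s(\chi'_{s,v} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s}) \models \Box_s(\chi_{s,t} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s})$ since by construction $\chi'_{s,v} \models \chi_{s,t} \vee \psi_{s,1} \vee \dots \vee \psi_{s,l_s}$ for every $v \in S$.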

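It remains to be shown that $\Box_s(\chi_{s,t} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s}) \not\models \bigvee_{v \in S} \Box_s(\chi'_{s,v} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s})$. Suppose for a contradiction that the contrary holds. Then $\Box_s(\chi_{s,t} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s}) \models \bigvee_{v \in S} \Box_s(\chi'_{s,v} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s})$, so by Theorem 2.3.1, there must be some $v \in S$ for which $\chi_{s,t} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s} \models \chi'_{s,v} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s}$. But then $\chi_{s,t} \models \chi'_{s,v} \vee \psi_{s,1} \vee \dots \vee \psi_{s,l_s}$, and thus $\chi_{s,t} \models \chi'_{s,v} \vee \psi'_{s,1} \vee \dots \vee \psi'_{s,p_s}$ since we have assumed $\psi_{s,1} \vee \dots \vee \psi_{s,l_s} \models \psi'_{s,1} \vee \dots \vee \psi'_{s,p_s}$. This contradicts our earlier assumption that $\chi_{s,t} \not\models \chi'_{s,u} \vee \psi'_{s,1} \vee \dots \vee \psi'_{s,p_s}$ for all $u$. Thus, we have shown that $\Box_s(\chi_{s,t} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s}) \not\models \bigvee_{v \in S} \Box_s(\chi'_{s,v} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s})$, which means $\Box_s(\chi_{s,t} \wedge \neg\psi_{s,1} \wedge \dots \wedge \neg\psi_{s,l_s}) \notin \Pi(\varphi \wedge \neg(\lambda \setminus \{\Box_s\chi_{s,t}\}))$.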

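Proof of Theorem 4.2.3. The forward direction was shown in Lemma 4.2.4. The other direction follows from Lemma 4.2.5 together with the hypothesis that $\chi_{i,j} \equiv \chi_{i,j} \vee \psi_{i,1} \vee \dots \vee \psi_{i,l_i}$ for all $1 \le i \le n$ and $1 \le j \le m_i$, which ensures that

$$\varphi \wedge \neg\Big(\gamma_1 \vee \dots \vee \gamma_k \vee (\Box_s(\chi_{s,1} \vee \psi_{s,1} \vee \dots \vee \psi_{s,l_s}) \vee \dots \vee \Box_s(\chi_{s,m_s} \vee \psi_{s,1} \vee \dots \vee \psi_{s,l_s})) \vee \bigvee_{1 \le i \le n,\ i \ne s} (\Diamond_i\psi_{i,1} \vee \dots \vee \Diamond_i\psi_{i,l_i} \vee \Box_i\chi_{i,1} \vee \dots \vee \Box_i\chi_{i,m_i})\Big) \equiv \varphi \wedge \neg(\lambda \setminus \{\Diamond_s\psi_{s,1}, \dots, \Diamond_s\psi_{s,l_s}\}).$$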

We remark that the restriction of Theorem 4.2.3 to clauses for which $\chi_{i,j} \equiv \chi_{i,j} \vee \psi_{i,1} \vee \dots \vee \psi_{i,l_i}$ for all $i$ and $j$ and for which $\lambda \not\equiv \lambda \setminus \{l\}$ for all disjuncts $l$ is required. If we drop the former restriction, then there are some non-prime implicates that satisfy all three conditions, as the following example demonstrates.

Example 4.2.6.

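Consider the formula $\varphi = \Diamond(a \wedge b \wedge c) \vee \Box a$ and the clause $\lambda = \Diamond(a \wedge b) \vee \Box(a \wedge \neg b)$. It can be easily shown that $\lambda$ is an implicate of $\varphi$, but $\lambda$ is not a prime implicate of $\varphi$ since there exist stronger implicates (e.g. $\varphi$ itself). Nonetheless, it can be verified that both $\Box(a \wedge \neg b \wedge \neg(a \wedge b)) \in \Pi(\varphi \wedge \neg(\lambda \setminus \{\Box(a \wedge \neg b)\}))$ and $\Diamond(a \wedge b) \in \Pi(\varphi \wedge \neg(\lambda \setminus \{\Diamond(a \wedge b)\}))$.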


If we drop the requirement that $\lambda \not\equiv \lambda \setminus \{l\}$ for all disjuncts $l$, then there are prime implicates which fail to satisfy one of the three conditions, as witnessed by the following example.

Example 4.2.7.

Consider the formula $\Box a$ and the clause $\Box a \vee \Box(a \wedge b)$. We have $\Box(a \wedge b) \notin \Pi(\Box a \wedge \neg(\Box a))$ even though $\Box a \vee \Box(a \wedge b)$ is a prime implicate of $\Box a$.

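These two restrictions are without loss of generality, however, since every clause can be transformed into an equivalent clause satisfying them. For the first restriction, we replace each $\Box_i \chi_{i,j}$ by $\Box_i(\chi_{i,j} \vee \psi_{i,1} \vee \dots \vee \psi_{i,l_i})$, thereby transforming a clause $\gamma_1 \vee \dots \vee \gamma_k \vee \bigvee_{i=1}^{n}(\Diamond_i \psi_{i,1} \vee \dots \vee \Diamond_i \psi_{i,l_i} \vee \Box_i \chi_{i,1} \vee \dots \vee \Box_i \chi_{i,m_i})$ into the equivalent $\gamma_1 \vee \dots \vee \gamma_k \vee \bigvee_{i=1}^{n}(\Diamond_i \psi_{i,1} \vee \dots \vee \Diamond_i \psi_{i,l_i} \vee \Box_i(\chi_{i,1} \vee \psi_{i,1} \vee \dots \vee \psi_{i,l_i}) \vee \dots \vee \Box_i(\chi_{i,m_i} \vee \psi_{i,1} \vee \dots \vee \psi_{i,l_i}))$. Then to make the clause satisfy the second restriction, we simply remove from $\lambda$ those disjuncts $l$ satisfying $\lambda \equiv \lambda \setminus \{l\}$ until no such disjunct remains.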

Theorem 4.2.3 shows us how prime implicate recognition can be split into three more specialized sub-tasks, but it does not tell us how to carry out these tasks. Thus, in order to turn this theorem into an algorithm for prime implicate recognition, we need to figure out how to test whether a propositional clause, a $\Box$-literal, or a $\Diamond$-literal is a prime implicate of a formula.

4.2.4 Prime implicate recognition for propositional clauses

Determining whether a propositional clause is a prime implicate of a formula

in Kn is conceptually no more difficult than determining whether a propositional

clause is a prime implicate of a propositional formula. We first ensure that the

clause is an implicate of the formula and then make sure that all literals appearing

in the clause are necessary.

Theorem 4.2.8.

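Let $\varphi$ be a formula of $K_n$, and let $\gamma$ be a non-tautologous propositional clause such that $\varphi \models \gamma$ and such that there is no literal $l$ in $\gamma$ such that $\gamma \equiv \gamma \setminus \{l\}$. Then $\gamma \in \Pi(\varphi)$ if and only if $\varphi \not\models \gamma \setminus \{l\}$ for all $l$ in $\gamma$.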

Proof. Consider a formula $\varphi$ and a non-tautologous propositional clause $\lambda$ such that $\varphi \models \lambda$ and such that there is no literal $l$ in $\lambda$ such that $\lambda \equiv \lambda \setminus \{l\}$. Suppose that $\varphi \models \lambda \setminus \{l\}$ for some $l$ in $\lambda$. As we know that $\lambda \not\equiv \lambda \setminus \{l\}$, it follows that $\lambda \setminus \{l\}$ is an implicate of $\varphi$ which is strictly stronger than $\lambda$, so $\lambda$ is not a prime implicate of $\varphi$. For the other direction, suppose that $\lambda \notin \Pi(\varphi)$. Then it must be the case that there is some clause $\rho$ such that $\varphi \models \rho \models \lambda \not\models \rho$. Since $\rho \models \lambda$, it follows from Theorem 2.3.2 that each literal in $\rho$ is a propositional literal of $\lambda$ or is inconsistent. If all of the literals in $\rho$ are inconsistent, then both $\rho$ and $\varphi$ must be inconsistent, so clearly $\varphi \models \lambda \setminus \{l\}$ for every $l$ in $\lambda$. Otherwise, $\rho$ is equivalent to a propositional clause, and more specifically to a propositional clause containing only those literals appearing in $\lambda$ (since $\rho \models \lambda$). As $\rho$ is strictly stronger than $\lambda$, there must be some literal $l$ in $\lambda$ which does not appear in $\rho$. But that means $\rho \models \lambda \setminus \{l\}$ and so $\varphi \models \lambda \setminus \{l\}$, completing the proof.

4.2.5 Prime implicate recognition for $\Box$-formulae

We now move on to the problem of deciding whether a clause of the form $\Box_i \chi$ is a prime implicate of a formula $\varphi$. We remark that if $\Box_i \chi$ is implied by $\varphi$, then it must also be implied by each of the terms $T$ in $\mathcal{T} = $ Dnf($\varphi$). But if $T \models \Box_i \chi$ and $T$ is satisfiable, then it must be the case that the conjunction of the $\Box_i$-literals in $T$ implies $\Box_i \chi$. This means that the formula $\bigvee_{T \in \mathcal{T};\, T \not\models \bot} \Box_i \bigwedge_{\zeta \in \text{Box}_i(T)} \zeta$ is an implicate of $\varphi$ which implies $\Box_i \chi$, and moreover it is the strongest such implicate. It follows then that $\Box_i \chi$ is a prime implicate of $\varphi$ just in the case that $\Box_i \chi$ entails this formula. But we know from results in Chapter 2 that the latter holds if and only if $\chi \models \bigwedge_{\zeta \in \text{Box}_i(T)} \zeta$ for some satisfiable $T$. Thus, by comparing the formula $\chi$ with the formulae $\bigwedge_{\zeta \in \text{Box}_i(T)} \zeta$ associated with the satisfiable terms of $\varphi$, we can decide whether or not $\Box_i \chi$ is a prime implicate of $\varphi$.

Theorem 4.2.9.

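Let $\varphi$ be a formula of $K_n$, and let $\lambda = \Box_i \chi$ be a non-tautologous clause such that $\varphi \models \lambda$. Then $\lambda \in \Pi(\varphi)$ if and only if there exists some satisfiable term $T \in$ Dnf($\varphi$) such that $\chi \models \bigwedge_{\zeta \in \text{Box}_i(T)} \zeta$.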

Proof. Let $\varphi$ be some formula, and let $\lambda = \Box_i \chi$ be a non-tautologous clause such that $\varphi \models \lambda$. Set $\mathcal{T} = $ Dnf($\varphi$). For the first direction, suppose that there is no satisfiable term $T \in \mathcal{T}$ such that $\chi \models \bigwedge_{\zeta \in \text{Box}_i(T)} \zeta$. We first remark that since $\varphi \models \lambda$, every $T$ must entail $\lambda$. Moreover, since $\lambda$ is a non-tautologous $\Box_i$-formula, every term $T \in \mathcal{T}$ must be either unsatisfiable or such that $\text{Box}_i(T) \neq \emptyset$ and $\bigwedge_{\zeta \in \text{Box}_i(T)} \zeta \models \chi$. If $\mathcal{T}$ contains only unsatisfiable terms, then $\varphi \models \bot$ but $\Box_i \chi \not\models \bot$, so $\lambda$ is not a prime implicate. If there is at least one satisfiable term in $\mathcal{T}$, then consider the clause

$$\lambda' = \bigvee_{T \in \mathcal{T} :\, T \not\models \bot} \Box_i \bigwedge_{\zeta \in \text{Box}_i(T)} \zeta$$

For every $T$, we must have $T \models \lambda'$ since either $T$ is unsatisfiable or it entails $\Box_i \bigwedge_{\zeta \in \text{Box}_i(T)} \zeta$. This means that $\varphi \models \lambda'$. We also have $\lambda' \models \lambda$, because $\bigwedge_{\zeta \in \text{Box}_i(T)} \zeta \models \chi$ for every satisfiable $T$. Finally, we must have $\lambda \not\models \lambda'$, because of statement 8 of Theorem 2.3.1 and our earlier assumption that $\chi \not\models \bigwedge_{\zeta \in \text{Box}_i(T)} \zeta$ for every satisfiable $T \in \mathcal{T}$. So we have $\varphi \models \lambda' \models \lambda \not\models \lambda'$, which means that $\lambda$ is not a prime implicate of $\varphi$.

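For the other direction, suppose that $\Box_i \chi$ is not a prime implicate of $\varphi$. If $\mathcal{T}$ is composed entirely of unsatisfiable terms, then there clearly cannot exist any satisfiable term $T \in \mathcal{T}$ such that $\chi \models \bigwedge_{\zeta \in \text{Box}_i(T)} \zeta$. Suppose then that $\mathcal{T}$ contains at least one satisfiable term. We intend to show that the clause

$$\lambda' = \bigvee_{T \in \mathcal{T} :\, T \not\models \bot} \Box_i \bigwedge_{\zeta \in \text{Box}_i(T)} \zeta$$

is a prime implicate of $\mathcal{T}$. To do so, we let $\kappa$ be some implicate of $\varphi$ which implies $\lambda'$. Now since $\lambda'$ is a non-tautologous disjunction of $\Box$-formulae, it follows from Theorem 2.3.2 that $\kappa \equiv \Box_i \gamma_1 \vee \dots \vee \Box_i \gamma_m$ for some formulae $\gamma_j$. As $\varphi \models \kappa$, we must have $T \models \Box_i \gamma_1 \vee \dots \vee \Box_i \gamma_m$ for all $T \in$ Dnf($\varphi$). But that can only be the case if $\Box_i \bigwedge_{\zeta \in \text{Box}_i(T)} \zeta \models \Box_i \gamma_1 \vee \dots \vee \Box_i \gamma_m$ for all satisfiable $T$ (Theorem 2.3.1), which means $\lambda' \models \Box_i \gamma_1 \vee \dots \vee \Box_i \gamma_m$. As $\lambda'$ implies every implicate of $\varphi$ that implies it, it must be a prime implicate of $\varphi$. But this means that $\Box_i \chi \not\models \lambda'$, since we have assumed that $\Box_i \chi$ is not a prime implicate of $\varphi$. It follows from statement 8 of Theorem 2.3.1 that $\chi \not\models \bigwedge_{\zeta \in \text{Box}_i(T)} \zeta$ for all satisfiable $T \in$ Dnf($\varphi$).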

4.2.6 Prime implicate recognition for $\Diamond$-formulae

Finally let us turn to the problem of deciding whether a clause $\Diamond\psi$ is a prime implicate of a formula $\varphi$. Now we know by Covering that if $\Diamond\psi$ is an implicate of $\varphi$, then there must be some prime implicate $\pi$ of $\varphi$ which implies $\Diamond\psi$. It follows from Theorem 2.3.2 that $\pi$ must be a disjunction of $\Diamond$-literals, and from Theorem 4.1.4 that $\pi$ is equivalent to a disjunction $\bigvee_{T \in \text{Dnf-4}(\varphi)} \Diamond d_T$ where $\Diamond d_T$ is an element of $\Delta(T)$ for every $T$ (refer back to Figure 4.1 for the definition of $\Delta(T)$). According to Definition 3.2.1, $\Diamond\psi$ is a prime implicate of $\varphi$ just in the case that $\Diamond\psi \models \bigvee_{T \in \text{Dnf-4}(\varphi)} \Diamond d_T$, or equivalently $\psi \models \bigvee_{T \in \text{Dnf-4}(\varphi)} d_T$. Thus, $\Diamond\psi$ is not a prime implicate of $\varphi$ just in the case that there is a choice of $\Diamond d_T \in \Delta(T)$ for each $T \in \text{Dnf-4}(\varphi)$ such that $\bigvee_{T \in \text{Dnf-4}(\varphi)} d_T \models \psi$ and $\psi \not\models \bigvee_{T \in \text{Dnf-4}(\varphi)} d_T$.

Testing directly whether $\psi$ entails some formula $\bigvee_{T \in \text{Dnf-4}(\varphi)} d_T$ could take exponential space in the worst case since there may be exponentially many terms in Dnf-4($\varphi$). Luckily, however, we can get around this problem by exploiting the structure of the formula $\bigvee_{T \in \text{Dnf-4}(\varphi)} d_T$. We remark that because of the way $\Delta(T)$ is defined the formula $d_T$ must be a conjunction of formulae $\zeta$ such that $\Box\zeta$ or $\Diamond\zeta$ appears in Nnf($\varphi$) outside the scope of modal operators – we will use $\mathcal{X}$ to denote the set of formulae $\zeta$ satisfying this condition. We show in what follows that $\psi \not\models \bigvee_{T \in \text{Dnf-4}(\varphi)} d_T$ implies the existence of a subset $S \subseteq \mathcal{X}$ such that (a) $\psi \not\models \bigvee_{\sigma \in S} \sigma$ and (b) every $d_T$ has at least one conjunct from the set $S$. Conversely, the existence of such a subset of $\mathcal{X}$ implies $\psi \not\models \bigvee_{T \in \text{Dnf-4}(\varphi)} d_T$. This observation is the basis for the algorithm Test3PI given in Figure 4.2. The basic idea behind the algorithm Test3PI is to try out each of the different subsets of $\mathcal{X}$ in order to see whether some subset satisfies the aforementioned conditions. If we find a suitable subset, this proves that $\Diamond\psi$ is not a prime implicate, and if no such subset exists, then we can be sure there is no stronger implicate than $\Diamond\psi$. The algorithm can be shown to run in polynomial space since there can be at most $|\varphi|$ elements in $\mathcal{X}$, and we can consider the terms in Dnf($\varphi$) one at a time.

Algorithm 4.2 Test3PI

Input: a clause $\Diamond_i \psi$ and a formula $\varphi$ such that $\varphi \models \Diamond_i \psi$

Output: yes if $\Diamond_i \psi$ is a prime implicate of $\varphi$, otherwise no

(1) If Sat($\varphi$)=no, return yes if Sat($\psi$)=no, else return no.

(2) Set $\mathcal{X}$ equal to the set of formulae $\zeta$ such that $\Box_i \zeta$ or $\Diamond_i \zeta$ appears in Nnf($\varphi$) outside the scope of modal operators.

(3) For each $S \subseteq \mathcal{X}$, test whether the following two conditions hold:

    (a) Entails($\psi$, $\bigvee_{\sigma \in S} \sigma$)=no

    (b) for each $T_j \in$ Dnf($\varphi$) such that Sat($T_j$)=yes, there exist conjuncts $\Diamond\eta_j, \Box\mu_{j,1}, \dots, \Box\mu_{j,k_j}$ of $T_j$ such that:

        (i) $\{\eta_j, \mu_{j,1}, \dots, \mu_{j,k_j}\} \cap S \neq \emptyset$

        (ii) Entails($\Diamond_i(\eta_j \wedge \mu_{j,1} \wedge \dots \wedge \mu_{j,k_j})$, $\Diamond_i \psi$)=yes

    Return no if some $S$ satisfies these conditions, and yes otherwise.

We will split the proof of correctness of Test3PI into two parts.

Lemma 4.2.10.

If $\Diamond_i \psi$ is not a prime implicate of $\varphi$, the algorithm Test3PI returns no on input ($\Diamond_i \psi$, $\varphi$).

Proof. Suppose that $\Diamond_i \psi$ is not a prime implicate of $\varphi$. If $\varphi$ is unsatisfiable, then $\Diamond_i \psi$ must be satisfiable, so we will have Sat($\varphi$)=no and Sat($\psi$)=yes, and the algorithm will return no in Step 1. Otherwise, as we have assumed that the input $\Diamond_i \psi$ is an implicate of $\varphi$, there must be some clause $\lambda$ such that $\varphi \models \lambda \models \Diamond_i \psi$ but $\Diamond_i \psi \not\models \lambda$. As $\lambda \models \Diamond_i \psi$, it follows from Theorem 2.3.2 that $\lambda$ is equivalent to a disjunction of $\Diamond_i$-formulae, and hence to some clause $\Diamond_i \psi'$.

We know from Theorem 2.4.4 that $\varphi$ is equivalent to the disjunction of terms in Dnf($\varphi$). It must thus be the case that $T_j \models \Diamond_i \psi'$ for all $T_j \in$ Dnf($\varphi$). This means that for every satisfiable $T_j$, there exists a set $\{\Diamond_i \eta_j, \Box_i \mu_{j,1}, \dots, \Box_i \mu_{j,k_j}\}$ of conjuncts of $T_j$ such that $\Diamond_i(\eta_j \wedge \mu_{j,1} \wedge \dots \wedge \mu_{j,k_j}) \models \Diamond_i \psi'$, otherwise $T_j$ would fail to imply $\Diamond_i \psi'$. Moreover, all of the elements of $\{\Diamond_i \eta_j, \Box_i \mu_{j,1}, \dots, \Box_i \mu_{j,k_j}\}$ must appear in the NNF of $\varphi$ outside modal operators, so the formulae $\eta_j, \mu_{j,1}, \dots, \mu_{j,k_j}$ must all be elements of the set $\mathcal{X}$. It is immediate that both

$$\Diamond_i \bigvee_{j :\, T_j \not\models \bot} (\eta_j \wedge \mu_{j,1} \wedge \dots \wedge \mu_{j,k_j}) \models \Diamond_i \psi' \models \Diamond_i \psi \qquad (4.3)$$

and

$$\Diamond_i \psi \not\models \Diamond_i \bigvee_{j :\, T_j \not\models \bot} (\eta_j \wedge \mu_{j,1} \wedge \dots \wedge \mu_{j,k_j})$$

The latter implies that the formula $\Diamond_i \psi \wedge \neg(\Diamond_i \bigvee_{j :\, T_j \not\models \bot} (\eta_j \wedge \mu_{j,1} \wedge \dots \wedge \mu_{j,k_j}))$ must be consistent, which means that

$$\psi \wedge \neg\Big(\bigvee_{j :\, T_j \not\models \bot} (\eta_j \wedge \mu_{j,1} \wedge \dots \wedge \mu_{j,k_j})\Big) \equiv \psi \wedge \bigwedge_{j :\, T_j \not\models \bot} (\neg\eta_j \vee \neg\mu_{j,1} \vee \dots \vee \neg\mu_{j,k_j})$$

must be consistent as well. But then it must be the case that we can select for each $j$ with $T_j \not\models \bot$ some $\sigma_j \in \{\eta_j, \mu_{j,1}, \dots, \mu_{j,k_j}\}$ such that $\psi \wedge \bigwedge_{j :\, T_j \not\models \bot} \neg\sigma_j$ is consistent. Let $S$ be the set of $\sigma_j$. The set $S$ satisfies the condition of the algorithm since:

• $S \subseteq \mathcal{X}$

• $\psi \not\models \bigvee_{\sigma \in S} \sigma$ (because we know $\psi \wedge \bigwedge_{j :\, T_j \not\models \bot} \neg\sigma_j$ to be consistent), and hence Entails($\psi$, $\bigvee_{\sigma \in S} \sigma$)=no

• for each satisfiable $T_j \in$ Dnf($\varphi$), we have found a set $\{\Diamond\eta_j, \Box\mu_{j,1}, \dots, \Box\mu_{j,k_j}\}$ of conjuncts of $T_j$ such that:

    – $\{\eta_j, \mu_{j,1}, \dots, \mu_{j,k_j}\} \cap S \neq \emptyset$ (since $S$ contains $\sigma_j \in \{\eta_j, \mu_{j,1}, \dots, \mu_{j,k_j}\}$)

    – $\Diamond_i(\eta_j \wedge \mu_{j,1} \wedge \dots \wedge \mu_{j,k_j}) \models \Diamond_i \psi$ (follows from (4.3) above), and hence Entails($\Diamond_i(\eta_j \wedge \mu_{j,1} \wedge \dots \wedge \mu_{j,k_j})$, $\Diamond_i \psi$)=yes

Since there exists a set $S \subseteq \mathcal{X}$ satisfying these conditions, the algorithm Test3PI returns no.

Lemma 4.2.11.

If the algorithm Test3PI returns no on input ($\Diamond_i \psi$, $\varphi$), then $\Diamond_i \psi$ is not a prime implicate of $\varphi$.

Proof. There are two cases in which the algorithm returns no: either Sat($\varphi$)=no and Sat($\psi$)=yes, or there is some $S \subseteq \mathcal{X}$ which satisfies both conditions (a) and (b). In the first case, $\Diamond_i \psi$ is clearly not a prime implicate since $\varphi \models \bot$ and $\Diamond_i \psi \not\models \bot$ (by Theorem 2.5.8). We now examine the second case in more detail.

Suppose that $S \subseteq \mathcal{X}$ is such that:

(a) $\psi \not\models \bigvee_{\sigma \in S} \sigma$

(b) for each satisfiable $T_j \in$ Dnf($\varphi$), there exists a set of conjuncts $\{\Diamond\eta_j, \Box\mu_{j,1}, \dots, \Box\mu_{j,k_j}\}$ of $T_j$ such that:

    (i) $\{\eta_j, \mu_{j,1}, \dots, \mu_{j,k_j}\} \cap S \neq \emptyset$

    (ii) $\Diamond_i(\eta_j \wedge \mu_{j,1} \wedge \dots \wedge \mu_{j,k_j}) \models \Diamond_i \psi$

Let $\alpha$ be the clause $\bigvee_{j :\, T_j \not\models \bot} \Diamond_i(\eta_j \wedge \mu_{j,1} \wedge \dots \wedge \mu_{j,k_j})$. We remark that for each satisfiable $T_j$, we have $T_j \models \Diamond_i(\eta_j \wedge \mu_{j,1} \wedge \dots \wedge \mu_{j,k_j})$, and hence $\bigvee_j T_j \models \alpha$. Because of Corollary 2.4.5, we also have $\varphi \equiv \bigvee_j T_j$, which gives us $\varphi \models \alpha$. From 2 (b) (ii), we have that $\Diamond_i(\eta_j \wedge \mu_{j,1} \wedge \dots \wedge \mu_{j,k_j}) \models \Diamond_i \psi$ for every $j$, and hence $\bigvee_{j :\, T_j \not\models \bot} \Diamond_i(\eta_j \wedge \mu_{j,1} \wedge \dots \wedge \mu_{j,k_j}) \models \Diamond_i \psi$ which yields $\alpha \models \Diamond_i \psi$. From 2 (b) (i), we have that $\{\eta_j, \mu_{j,1}, \dots, \mu_{j,k_j}\} \cap S \neq \emptyset$ and hence that for every $j$ satisfying $T_j \not\models \bot$, there is some $\sigma \in S$ such that $\eta_j \wedge \mu_{j,1} \wedge \dots \wedge \mu_{j,k_j} \models \sigma$. From this we can infer that $\bigvee_{j :\, T_j \not\models \bot} \Diamond_i(\eta_j \wedge \mu_{j,1} \wedge \dots \wedge \mu_{j,k_j}) \models \bigvee_{\sigma \in S} \Diamond_i \sigma$, and hence $\alpha \models \Diamond_i \bigvee_{\sigma \in S} \sigma$. But we know from 2 (a) and Theorem 2.3.1 that $\Diamond_i \psi \not\models \Diamond_i \bigvee_{\sigma \in S} \sigma$. It follows then that $\Diamond_i \psi \not\models \alpha$. Putting all this together, we find that there exists a clause $\alpha$ such that $\varphi \models \alpha \models \Diamond_i \psi$ but $\Diamond_i \psi \not\models \alpha$, and hence that $\Diamond_i \psi$ is not a prime implicate of $\varphi$.

Theorem 4.2.12.

Let $\varphi$ be a formula, and let $\Diamond_i \psi$ be an implicate of $\varphi$. Then the algorithm Test3PI returns yes on input ($\Diamond_i \psi$, $\varphi$) if and only if $\Diamond_i \psi$ is a prime implicate of $\varphi$.

Proof. It is clear that Test3PI terminates since satisfiability testing always terminates, and there are only finitely many elements in $S$ and terms in Dnf($\varphi$). Lemmas 4.2.10 and 4.2.11 show us that the algorithm always gives the correct response.

Theorem 4.2.13.

The algorithm Test3PI runs in polynomial space.

Proof. The algorithm Sat runs in polynomial space in its input (Theorem 2.5.6), so Step 1 requires only polynomial space in the length of $|\varphi|$ and $|\psi|$. We next remark that the length of the conjunction of elements in $\mathcal{X}$ is bounded above by the length of the formula Nnf($\varphi$), and hence by Theorem 2.4.2 the conjunction of the elements of any particular $S \subseteq \mathcal{X}$ cannot exceed $2|\varphi|$. It follows that running Entails on the pair ($\psi$, $\bigvee_{\sigma \in S} \sigma$) takes only polynomial space in the length of $\varphi$ and $\psi$.

Now let us turn to Step 3 (b). We know from Theorem 2.4.7 that Dnf runs using only polynomial space, and the length of any $T_j$ in Dnf($\varphi$) can be at most $2|\varphi|$ (Theorem 2.4.6). It follows that checking whether $\{\eta_j, \mu_{j,1}, \dots, \mu_{j,k_j}\} \cap S \neq \emptyset$, or whether Entails($\Diamond_i(\eta_j \wedge \mu_{j,1} \wedge \dots \wedge \mu_{j,k_j})$, $\Diamond_i \psi$)=yes can both be accomplished in polynomial space in the length of $\varphi$ and $\psi$. We conclude that the algorithm Test3PI runs in polynomial space.

We now present two examples which illustrate the functioning of Test3PI.

Example 4.2.14.

We use Test3PI to test whether the clause $\lambda = \Diamond(a \wedge b)$ is a prime implicate of $\varphi = a \wedge (\Box(b \wedge c) \vee \Box(e \vee f)) \wedge \Diamond(a \wedge b)$.

Step 1: As $\varphi$ is satisfiable, the algorithm Sat returns yes on $\varphi$, so we pass directly to Step 2.

Step 2: We set $\mathcal{X}$ equal to the set of formulae $\zeta$ such that $\Box\zeta$ or $\Diamond\zeta$ appears in Nnf($\varphi$) outside the scope of modal operators. In our case, we set $\mathcal{X} = \{b \wedge c,\ e \vee f,\ a \wedge b\}$ since $\varphi = $ Nnf($\varphi$) and $b \wedge c$, $e \vee f$, and $a \wedge b$ are the only formulae satisfying the requirements.

Step 3: We examine each of the different subsets of $\mathcal{X}$ to determine whether they satisfy conditions (a) and (b). In particular, we consider the subset $S = \{b \wedge c,\ e \vee f\}$. We remark that this subset satisfies condition (a) since $a \wedge b \not\models (b \wedge c) \vee (e \vee f)$ (hence Entails($a \wedge b$, $(b \wedge c) \vee (e \vee f)$)=no). In order to check condition (b), we call the procedure Dnf on input Nnf($\varphi$). The first term output is $T_1 = a \wedge \Box(b \wedge c) \wedge \Diamond(a \wedge b)$. We notice that the conjuncts $\Diamond(a \wedge b)$ and $\Box(b \wedge c)$ of $T_1$ satisfy conditions (i) and (ii) since $b \wedge c \in S$ and $\Diamond(a \wedge b \wedge (b \wedge c)) \models \lambda$ (hence Entails($\Diamond(a \wedge b \wedge (b \wedge c))$, $\lambda$)=yes). The next and final term output by Dnf is $T_2 = a \wedge \Box(e \vee f) \wedge \Diamond(a \wedge b)$. We notice that the conjuncts $\Diamond(a \wedge b)$ and $\Box(e \vee f)$ of $T_2$ also satisfy conditions (i) and (ii) since $e \vee f \in S$ and $\Diamond(a \wedge b \wedge (e \vee f)) \models \lambda$ (so Entails($\Diamond(a \wedge b \wedge (e \vee f))$, $\lambda$)=yes). That means that we have found a subset $S$ of $\mathcal{X}$ which satisfies conditions (a) and (b), so the algorithm returns no. This is the correct output since $\Diamond(a \wedge b \wedge ((b \wedge c) \vee (e \vee f)))$ is an implicate of $\varphi$ which is strictly stronger than the clause $\lambda$.

Example 4.2.15.

We use Test3PI to test whether the clause $\lambda = \Diamond(a \wedge b \wedge c)$ is a prime implicate of $\varphi = a \wedge (\Box(b \wedge c) \vee \Box(e \vee f)) \wedge \Diamond(a \wedge b) \wedge \neg\Box(e \vee f \vee (a \wedge b \wedge c))$.

Step 1: We proceed directly to Step 2 since $\varphi$ is satisfiable and hence Sat($\varphi$)=yes.

Step 2: We set $\mathcal{X} = \{b \wedge c,\ e \vee f,\ a \wedge b,\ \neg e \wedge \neg f \wedge (\neg a \vee \neg b \vee \neg c)\}$ since Nnf($\varphi$) $= a \wedge (\Box(b \wedge c) \vee \Box(e \vee f)) \wedge \Diamond(a \wedge b) \wedge \Diamond(\neg e \wedge \neg f \wedge (\neg a \vee \neg b \vee \neg c))$.

Step 3: We check whether there is some subset of $\mathcal{X}$ satisfying conditions (a) and (b). We claim that there is no such subset. To see why, notice that $a \wedge \Box(b \wedge c) \wedge \Diamond(a \wedge b) \wedge \Diamond(\neg e \wedge \neg f \wedge (\neg a \vee \neg b \vee \neg c))$ is the only term in Dnf($\varphi$). Moreover, there is only one set of conjuncts of this term which implies $\Diamond(a \wedge b \wedge c)$, namely $\{\Diamond(a \wedge b), \Box(b \wedge c)\}$. But that means that $S$ must contain either $a \wedge b$ or $b \wedge c$ in order to satisfy condition (b)(i). As $a \wedge b \wedge c$ implies both $a \wedge b$ and $b \wedge c$, we are guaranteed that $a \wedge b \wedge c$ will imply the disjunction of elements in $S$, thereby falsifying condition (a). It follows that there is no subset of $\mathcal{X}$ satisfying the necessary conditions, so Test3PI returns yes, which is the desired result.
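The two runs above can be replayed mechanically. The following Python sketch is an added illustration, not code from the thesis: it implements the steps of Test3PI for a single modality and formulae of modal depth 1, so that Sat and Entails reduce to truth-table checks (using the fact that in K, ◇α ⊨ ◇β iff α ⊨ β). The tuple encoding of formulae, the function names, and the hand-written Dnf terms passed as input are assumptions of this example.

```python
from itertools import chain, combinations, product

# Propositional formulae: an atom is a str; compound formulae are tuples
# ("not", f), ("and", f1, ..., fn) or ("or", f1, ..., fn); ("or",) is falsum.
# A Dnf term is a triple (props, boxes, diamonds) of lists of such formulae,
# standing for  props /\ []box_1 /\ ... /\ <>dia_1 /\ ...  (encoding assumed here).

def atoms(f):
    if isinstance(f, str):
        return {f}
    return set().union(*(atoms(g) for g in f[1:]))

def holds(f, v):
    if isinstance(f, str):
        return v[f]
    if f[0] == "not":
        return not holds(f[1], v)
    if f[0] == "and":
        return all(holds(g, v) for g in f[1:])
    return any(holds(g, v) for g in f[1:])            # "or"

def entails(f, g):
    """Entails(f, g) for propositional f, g, by exhaustive truth table."""
    names = sorted(atoms(f) | atoms(g))
    return all(holds(g, v) or not holds(f, v)
               for bits in product([False, True], repeat=len(names))
               for v in [dict(zip(names, bits))])

def sat(f):
    return not entails(f, ("or",))

def sat_term(term):
    """A depth-1 term is satisfiable in K iff its propositional part is, and
    every diamond argument is consistent with all box arguments together."""
    props, boxes, diamonds = term
    return sat(("and", *props)) and all(sat(("and", d, *boxes)) for d in diamonds)

def subsets(xs):
    xs = list(xs)
    return chain.from_iterable(combinations(xs, r) for r in range(len(xs) + 1))

def covered(term, S, psi):
    """Condition (b): some <>eta and some boxes of the term meet S and entail <>psi."""
    _, boxes, diamonds = term
    for eta in diamonds:
        for mus in subsets(boxes):
            meets_S = eta in S or any(m in S for m in mus)           # (b)(i)
            if meets_S and entails(("and", eta, *mus), psi):         # (b)(ii)
                return True
    return False

def is_diamond_prime_implicate(psi, terms):
    """Test3PI on (<>psi, phi), phi given by its Dnf terms; assumes phi |= <>psi."""
    live = [t for t in terms if sat_term(t)]
    if not live:                                   # Step 1: phi is unsatisfiable
        return not sat(psi)
    X = []                                         # Step 2: modal arguments of phi
    for _, boxes, diamonds in terms:
        for z in boxes + diamonds:
            if z not in X:
                X.append(z)
    for S in subsets(X):                           # Step 3
        if entails(psi, ("or", *S)):
            continue                               # condition (a) fails
        if all(covered(t, S, psi) for t in live):
            return False                           # witness S: not prime
    return True

bc, ef, ab = ("and", "b", "c"), ("or", "e", "f"), ("and", "a", "b")
neg = ("and", ("not", "e"), ("not", "f"),
       ("or", ("not", "a"), ("not", "b"), ("not", "c")))

def example_4_2_14():
    # phi = a /\ ([](b/\c) \/ [](e\/f)) /\ <>(a/\b),  lambda = <>(a/\b)
    terms = [(["a"], [bc], [ab]), (["a"], [ef], [ab])]
    return is_diamond_prime_implicate(ab, terms)

def example_4_2_15():
    # Same phi with the extra conjunct <>(~e /\ ~f /\ (~a \/ ~b \/ ~c)); the term
    # containing [](e\/f) is unsatisfiable and is discarded by the Sat test.
    terms = [(["a"], [bc], [ab, neg]), (["a"], [ef], [ab, neg])]
    return is_diamond_prime_implicate(("and", "a", "b", "c"), terms)

if __name__ == "__main__":
    print("Example 4.2.14:", "yes" if example_4_2_14() else "no")
    print("Example 4.2.15:", "yes" if example_4_2_15() else "no")
```

The subset loop is exponential in $|\mathcal{X}|$ in time but holds only one candidate $S$ and one term at a time, which mirrors the polynomial-space argument of Theorem 4.2.13.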

4.2.7 The algorithm TestPI

We now present our algorithm TestPI for testing whether a clause λ is a prime

implicate of a formula ϕ. The first two steps of the algorithm treat the limit cases

where λ is not an implicate or where one or both of ϕ and λ is a tautology or

contradiction. In Step 3, we apply equivalence-preserving transformations to λ

to make it satisfy the requirements of Theorem 4.2.3. Then in Steps 4, 5, and 6

we use the procedures from Theorems 4.2.8, 4.2.9, and 4.2.12 to test whether the

three conditions in Theorem 4.2.3 are verified. If the three tests succeed, then by

Theorem 4.2.3, the clause is a prime implicate, so we return yes. If some test fails,

we return no as the clause has been shown not to be a prime implicate.

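Algorithm 4.3 TestPI

Input: a clause $\lambda$ and a formula $\varphi$

Output: yes if $\lambda$ is a prime implicate of $\varphi$, and otherwise no

(1) If Entails($\varphi$, $\lambda$)=no, return no.

(2) If Sat($\varphi$)=no, then return yes if Sat($\lambda$)=no and return no otherwise. If Entails($\top$, $\lambda$)=yes, then return yes if Entails($\top$, $\varphi$)=yes and no otherwise.

(3) For each disjunct $\gamma$ of $\lambda$, if Entails($\lambda$, $\lambda \setminus \{\gamma\}$)=yes, then remove $\gamma$ from $\lambda$. For each $1 \le i \le n$, if $\text{Diam}_i(\lambda)$ is non-empty, replace each disjunct $\Box_i \chi$ of $\lambda$ by $\Box_i(\chi \vee \bigvee_{\psi \in \text{Diam}_i(\lambda)} \psi)$. Call the resulting clause $\lambda'$.

(4) For each $\rho \in \text{Prop}(\lambda')$: return no if Entails($\varphi$, $\lambda' \setminus \{\rho\}$)=yes.

(5) For each disjunct $\Box_i \beta$ of $\lambda'$: check whether there is $T \in$ Dnf($\varphi \wedge \neg(\lambda' \setminus \{\Box_i \beta\})$) such that Sat($T$)=yes and Entails($\beta \wedge \bigwedge_{\psi \in \text{Diam}_i(\lambda')} \neg\psi$, $\bigwedge_{\zeta \in \text{Box}_i(T)} \zeta$)=yes, and return no if not.

(6) Return yes if Test3PI($\Diamond_i(\bigvee_{\psi \in \text{Diam}_i(\lambda')} \psi)$, $\varphi \wedge \neg(\lambda' \setminus \{\Diamond_i \psi \mid \psi \in \text{Diam}_i(\lambda')\})$) returns yes for every $i$ such that $\text{Diam}_i(\lambda') \neq \emptyset$, and return no otherwise.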


We will use the next two lemmas to prove the correctness of our recognition

algorithm.

Lemma 4.2.16.

If λ is a clause that is not a prime implicate of ϕ, then TestPI outputs no on this

input.

Proof. Let us begin by considering a formula λ which is a clause but that is not a

prime implicate of ϕ. There are two possible reasons for this: either λ is not an

implicate of ϕ, or it is an implicate but there exists some stronger implicate. In the

first case, we have Entails(ϕ, λ)=no, so TestPI returns no in Step 1, as desired.

We will now focus on the case where λ is an implicate but not a prime implicate.

We begin by treating the limit cases where one or both of $\varphi$ and $\lambda$ is a tautology or contradiction. Given that we know $\lambda$ to be a non-prime implicate of $\varphi$, there are only two possible scenarios: either $\varphi \models \bot$ and $\lambda \not\models \bot$, or $\not\models \varphi$ and $\models \lambda$. In the first case, we have Sat($\varphi$)=no and Sat($\lambda$)=yes, and in the second, we have Entails($\top$, $\varphi$)=no and Entails($\top$, $\lambda$)=yes. In both cases, the algorithm returns no in Step 2.

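If $\lambda$ is an implicate of $\varphi$, and neither $\varphi$ nor $\lambda$ is a tautology or contradiction, then the algorithm will continue on to Step 3. In this step, any redundant literals will be deleted from $\lambda$, and if $\lambda$ contains $\Diamond_i$-literals, we add an extra disjunct to the $\Box_i$-literals so that $\lambda$ satisfies the syntactic requirements of Theorem 4.2.3. Let $\lambda' = \gamma_1 \vee \dots \vee \gamma_k \vee \bigvee_{i=1}^{n}(\Diamond_i \psi_{i,1} \vee \dots \vee \Diamond_i \psi_{i,l_i} \vee \Box_i \chi_{i,1} \vee \dots \vee \Box_i \chi_{i,m_i})$ be the clause at the end of Step 3 once all modifications have been made to $\lambda$. As the transformations in Step 3 are equivalence-preserving (Theorem 2.3.1), the clause $\lambda'$ is equivalent to the original clause $\lambda$, so $\lambda'$ is a non-tautologous non-prime implicate of $\varphi$. This means $\varphi$ and $\lambda'$ now satisfy all of the conditions of Theorem 4.2.3. It follows then that one of the following holds:

(a) $\gamma_1 \vee \dots \vee \gamma_k \notin \Pi(\varphi \wedge \neg(\lambda' \setminus \{\gamma_1, \dots, \gamma_k\}))$

(b) $\Box_i(\chi_{i,j} \wedge \neg\psi_{i,1} \wedge \dots \wedge \neg\psi_{i,l_i}) \notin \Pi(\varphi \wedge \neg(\lambda' \setminus \{\Box_i \chi_{i,j}\}))$ for some $1 \le i \le n$ and $1 \le j \le m_i$

(c) $\Diamond_i(\psi_{i,1} \vee \dots \vee \psi_{i,l_i}) \notin \Pi(\varphi \wedge \neg(\lambda' \setminus \{\Diamond_i \psi_{i,1}, \dots, \Diamond_i \psi_{i,l_i}\}))$ for some $1 \le i \le n$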

Suppose that (a) holds. Now $\gamma_1 \vee \dots \vee \gamma_k$ is a non-tautologous propositional clause implied by $\varphi \wedge \neg(\lambda' \setminus \{\gamma_1, \dots, \gamma_k\})$ which contains no redundant literals. This means that $\varphi \wedge \neg(\lambda' \setminus \{\gamma_1, \dots, \gamma_k\})$ and $\gamma_1 \vee \dots \vee \gamma_k$ satisfy the conditions of Theorem 4.2.8. According to this theorem, as $\gamma_1 \vee \dots \vee \gamma_k \notin \Pi(\varphi \wedge \neg(\lambda' \setminus \{\gamma_1, \dots, \gamma_k\}))$, there must be some $\gamma_j$ such that $\varphi \wedge \neg(\lambda' \setminus \{\gamma_1, \dots, \gamma_k\}) \models \gamma_1 \vee \dots \vee \gamma_{j-1} \vee \gamma_{j+1} \vee \dots \vee \gamma_k$, hence $\varphi \models \lambda' \setminus \{\gamma_j\}$. It follows that for some $\gamma_j$ we have Entails($\varphi$, $\lambda' \setminus \{\gamma_j\}$)=yes, so the algorithm returns no in Step 4.

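Suppose next that (b) holds, and let $i$ and $j$ be such that $\Box_i(\chi_{i,j} \wedge \neg\psi_{i,1} \wedge \dots \wedge \neg\psi_{i,l_i}) \notin \Pi(\varphi \wedge \neg(\lambda' \setminus \{\Box_i \chi_{i,j}\}))$. By Theorem 4.2.9, this means that there is no satisfiable $T \in$ Dnf($\varphi$) such that $\chi_{i,j} \wedge \neg\psi_{i,1} \wedge \dots \wedge \neg\psi_{i,l_i} \models \bigwedge_{\zeta \in \text{Box}_i(T)} \zeta$, so for every $T$ either Sat($T$)=no or Entails($\chi_{i,j} \wedge \neg\psi_{i,1} \wedge \dots \wedge \neg\psi_{i,l_i}$, $\bigwedge_{\zeta \in \text{Box}_i(T)} \zeta$)=no. It follows that the algorithm returns no in Step 5 while examining the disjunct $\Box_i \chi_{i,j}$.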

Finally consider the case where neither (a) nor (b) holds but (c) does, and let $i$ be such that $\Diamond_i(\psi_{i,1} \vee \dots \vee \psi_{i,l_i}) \notin \Pi(\varphi \wedge \neg(\lambda' \setminus \{\Diamond_i \psi_{i,1}, \dots, \Diamond_i \psi_{i,l_i}\}))$. Then in Step 6, we will call Test3PI($\Diamond_i(\psi_{i,1} \vee \dots \vee \psi_{i,l_i})$, $\varphi \wedge \neg(\lambda' \setminus \{\Diamond_i \psi_{i,1}, \dots, \Diamond_i \psi_{i,l_i}\})$). As $\Diamond_i(\psi_{i,1} \vee \dots \vee \psi_{i,l_i})$ is not a prime implicate of $\varphi \wedge \neg(\lambda' \setminus \{\Diamond_i \psi_{i,1}, \dots, \Diamond_i \psi_{i,l_i}\})$ and we have shown Test3PI to be correct (Theorem 4.2.12), Test3PI will return no, which means TestPI will return no as well. As we have covered each of the possible cases, we can conclude that if $\lambda$ is a clause that is not a prime implicate of $\varphi$, then TestPI outputs no.

Lemma 4.2.17.

If TestPI outputs no with input (λ, ϕ) and λ is a clause, then λ is not a prime

implicate of ϕ.

Proof. There are 5 different ways to return no (these occur in Steps 1, 2, 4, 5, and 6). Let us consider each of these in turn. The first way that the algorithm can return no is in Step 1 if we find that Entails($\varphi$, $\lambda$)=no, and hence that $\varphi \not\models \lambda$. This is correct since $\lambda$ cannot be a prime implicate if it is not a consequence of $\varphi$. In Step 2, we return no if Sat($\varphi$)=no but Sat($\lambda$)=yes, or if Entails($\top$, $\lambda$)=yes but Entails($\top$, $\varphi$)=no. In the first case, we have $\varphi \models \bot$ and $\lambda \not\models \bot$, and in the second, $\models \lambda$ and $\not\models \varphi$. In both cases, $\lambda$ cannot be a prime implicate since there exist stronger implicates (any contradictory clause if $\varphi \models \bot$, and any non-tautologous implicate of $\varphi$ if $\models \lambda$). In Step 3, we may modify $\lambda$, but the resulting clause $\lambda' = \gamma_1 \vee \dots \vee \gamma_k \vee \bigvee_{i=1}^{n}(\Diamond_i \psi_{i,1} \vee \dots \vee \Diamond_i \psi_{i,l_i} \vee \Box_i \chi_{i,1} \vee \dots \vee \Box_i \chi_{i,m_i})$ is equivalent to the original (by Theorem 2.3.1), and so $\lambda'$ is a prime implicate just in the case that $\lambda$ was. Now in Step 4, we return no if we find some propositional disjunct $\gamma_j$ in $\lambda'$ for which Entails($\varphi$, $\lambda' \setminus \{\gamma_j\}$)=yes, and hence $\varphi \models \lambda' \setminus \{\gamma_j\}$. Now since in Step 3, we have removed all redundant disjuncts from $\lambda$, we can be sure that $\lambda' \setminus \{\gamma_j\}$ is strictly stronger than $\lambda'$. So we have $\varphi \models \lambda' \setminus \{\gamma_j\} \models \lambda'$ and $\lambda' \not\models \lambda' \setminus \{\gamma_j\}$, which means that $\lambda'$, hence $\lambda$, is not a prime implicate of $\varphi$. We now consider Step 5 of TestPI. In this step, we return no if for some disjunct $\Box_i \chi_{i,j}$ of $\lambda'$ there is no term $T$ in Dnf($\varphi \wedge \neg(\lambda' \setminus \{\Box_i \chi_{i,j}\})$) for which both Sat($T$)=yes and Entails($\chi_{i,j} \wedge \neg\psi_{i,1} \wedge \dots \wedge \neg\psi_{i,l_i}$, $\bigwedge_{\zeta \in \text{Box}_i(T)} \zeta$)=yes. According to Theorem 4.2.9, this means that $\Box_i(\chi_{i,j} \wedge \neg\psi_{i,1} \wedge \dots \wedge \neg\psi_{i,l_i})$ is not a prime implicate of $\varphi \wedge \neg(\lambda' \setminus \{\Box_i \chi_{i,j}\})$, which means that $\lambda'$, and hence $\lambda$, is not a prime implicate of $\varphi$ by Theorem 4.2.3.

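Finally let us consider Step 6. In this step, we return no if Test3PI returns no on input ($\Diamond_i(\psi_{i,1} \vee \dots \vee \psi_{i,l_i})$, $\varphi \wedge \neg(\lambda' \setminus \{\Diamond_i \psi_{i,1}, \dots, \Diamond_i \psi_{i,l_i}\})$) for some $i$. By Theorem 4.2.12, we know that this happens just in the case that $\Diamond_i(\psi_{i,1} \vee \dots \vee \psi_{i,l_i})$ is not a prime implicate of $\varphi \wedge \neg(\lambda' \setminus \{\Diamond_i \psi_{i,1}, \dots, \Diamond_i \psi_{i,l_i}\})$. It follows from Theorem 4.2.3 that $\lambda'$, and hence $\lambda$, is not a prime implicate of $\varphi$.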

Theorem 4.2.18.

The algorithm TestPI always terminates, and it returns yes on input (λ, ϕ) if

and only if λ is a prime implicate of ϕ.

Proof. The algorithm TestPI clearly terminates because Steps 1 to 5 involve a finite number of syntactic operations on $\lambda$ and a finite number of entailment checks. Moreover, the call to Test3PI in Step 6 is known to terminate (Theorem 4.2.12). Correctness and completeness have already been shown in Lemmas 4.2.16 and 4.2.17.

We demonstrate the functioning of TestPI on an example.

Example 4.2.19.

We use TestPI to test if the clauses $\lambda_1 = b$, $\lambda_2 = \Box b \vee \Box(e \vee f)$, $\lambda_3 = a \vee \Diamond a$, $\lambda_4 = \Diamond(a \wedge b)$, and $\lambda_5 = \Diamond(a \wedge b \wedge c) \vee \Diamond(a \wedge b \wedge c \wedge f) \vee \Box(e \vee f)$ are prime implicates of $\varphi = a \wedge (\Box(b \wedge c) \vee \Box(e \vee f)) \wedge \Diamond(a \wedge b)$.

$\lambda_1$: We output no in Step 1 since $\varphi \not\models \lambda_1$, so Entails($\varphi$, $\lambda_1$)=no.

$\lambda_2$: We skip Steps 1 and 2 since $\varphi \models \lambda_2$ and neither $\varphi \models \bot$ nor $\models \lambda_2$. In Step 3, we make no changes to $\lambda_2$ since it contains no redundant literals nor any $\Diamond$-literals. We skip Step 4 since $\lambda_2$ has no propositional disjuncts. In Step 5, we return no since the only satisfiable term output by Dnf on input $\varphi \wedge \neg(\lambda_2 \setminus \{\Box b\})$ is $a \wedge \Box(b \wedge c) \wedge \Diamond(a \wedge b) \wedge \Diamond(\neg e \wedge \neg f)$, and we have $b \not\models b \wedge c$.

$\lambda_3$: We proceed directly to Step 3 since $\varphi \models \lambda_3$, $\varphi \not\models \bot$, and $\not\models \lambda_3$. No modifications are made to $\lambda_3$ in Step 3 as it does not contain any redundant literals or $\Box$-literals. In Step 4, we use Entails to test whether or not $\varphi \models \lambda_3 \setminus \{a\}$. As Entails($\varphi$, $\lambda_3 \setminus \{a\}$)=yes, we output no.

$\lambda_4$: Steps 1-5 are all inapplicable, so we skip directly to Step 6. In this step, we call Test3PI with as input the clause $\Diamond(a \wedge b)$ and the formula $\varphi \wedge \neg(\lambda_4 \setminus \{\Diamond(a \wedge b)\}) = \varphi$. We have already seen in Example 4.2.14 above that Test3PI returns no on this input, which means that TestPI also returns no.

$\lambda_5$: We proceed directly to Step 3, where we delete the redundant literal $\Diamond(a \wedge b \wedge c \wedge f)$ and then modify the literal $\Box(e \vee f)$. At the end of this step, we have $\lambda_5 = \Diamond(a \wedge b \wedge c) \vee \Box((e \vee f) \vee (a \wedge b \wedge c))$. Step 4 is not applicable since there are no propositional disjuncts in $\lambda_5$. In Step 5, we continue since the only satisfiable term output by Dnf on input $\varphi \wedge \neg(\lambda_5 \setminus \{\Box((e \vee f) \vee (a \wedge b \wedge c))\})$ is $a \wedge \Box(e \vee f) \wedge \Diamond(a \wedge b) \wedge \Box(\neg a \vee \neg b \vee \neg c)$, and $(e \vee f \vee (a \wedge b \wedge c)) \wedge (\neg a \vee \neg b \vee \neg c) \equiv (e \vee f) \wedge (\neg a \vee \neg b \vee \neg c)$. In Step 6, we return yes since we call Test3PI on input ($\Diamond(a \wedge b \wedge c)$, $\varphi \wedge \neg(\lambda_5 \setminus \{\Diamond(a \wedge b \wedge c)\})$), and we have previously shown in Example 4.2.15 that Test3PI returns yes on this input.

We now show that TestPI runs in polynomial space.

Lemma 4.2.20.

The algorithm TestPI provided in Figure 4.3 runs in polynomial space in the length

of the input.

Proof. It is clear that Steps 1 through 5 can be carried out in polynomial space in the length of the input, since they simply involve testing the satisfiability of formulae whose lengths are polynomial in $|\lambda| + |\varphi|$. Step 6 can also be carried out in polynomial space since by Theorem 4.2.13 deciding whether the formula $\Diamond_i(\bigvee_{\psi \in \text{Diam}_i(\lambda')} \psi)$ is a prime implicate of $\varphi \wedge \neg(\lambda' \setminus \{\Diamond_i \psi \mid \psi \in \text{Diam}_i(\lambda')\})$ takes only polynomial space in $|\Diamond_i(\bigvee_{\psi \in \text{Diam}_i(\lambda')} \psi)| + |\varphi \wedge \neg(\lambda' \setminus \{\Diamond_i \psi \mid \psi \in \text{Diam}_i(\lambda')\})|$, and hence in $|\lambda| + |\varphi|$. We can thus conclude that the algorithm TestPI runs in polynomial space in the length of the input.

As we have already shown that TestPI decides prime implicate recognition, it

follows that this problem is in Pspace:

Theorem 4.2.21.

Prime implicate recognition is in Pspace.

Proof. We have shown in Theorem 4.2.18 that TestPI always terminates and returns yes whenever the clause is a prime implicate and no otherwise. This means that TestPI is a decision procedure for prime implicate recognition. Since the algorithm has been shown to run in polynomial space (Lemma 4.2.20), we can conclude that prime implicate recognition is in Pspace.

By putting together Theorems 4.2.1 and 4.2.21, we obtain a tight complexity

bound for the prime implicate recognition task.

Corollary 4.2.22.

Prime implicate recognition is Pspace-complete.


We thus have the positive and somewhat surprising result that the worst-case

complexity of prime implicate recognition is the same as that of entailment in Kn.

5 Restricted Consequence Finding

In this chapter, we consider two more nuanced notions of prime implicates: new

prime implicates, which allow us to isolate the novel facts which can be derived upon

arrival of new information, and signature-bounded prime implicates, which allow us to

characterize the consequences of a formula over a given signature. We investigate the

properties of both notions and their associated reasoning tasks, leveraging results from

previous chapters.

5.1 New prime implicates

When information is added incrementally to a knowledge base, it is natural to

want to know what new facts can be derived following the addition of a piece of

information. In propositional logic, this motivated the introduction of the notion

of new prime implicates (cf. discussion in [Mar00]), which are intended to capture

the new consequences of ϕ upon the addition of some piece of information. We can

easily extend this notion to Kn:

Definition 5.1.1 (New prime implicate).

Let ϕ and ψ be Kn formulae. A clause λ is said to be a new prime implicate of a

formula ψ given ϕ, or simply a ϕ-prime implicate of ψ, if and only if:

1. λ is a prime implicate of ϕ ∧ ψ

2. λ is not an implicate of ϕ

Example 5.1.2.

Consider the formula ϕ =

(a ∨ b) ∧ □₁(¬b ∨ c) ∧ (b ∨ ◇₁b) ∧ ◇₂a ∧ ◇₂e ∧ □₂(b ∧ (a ∨ c)) ∧ □₂d

from Example 3.2.11. The formulae b and ¬a are the two ϕ-prime implicates of ¬a. There are three ϕ-prime implicates of ¬b: ¬b, a, and ◇₁(b ∧ c). There is only one ϕ-prime implicate of ◇₁⊤, which is ◇₁(¬b ∨ c). The unique ϕ-prime implicate of ◇₂(¬d ∧ e) is ⊥.

It is also possible to define in an analogous way a notion of new prime implicant.

We saw in Chapter 1 that such a notion proves useful in abductive reasoning by

allowing us to eliminate explanations which conflict with the background knowledge.

Definition 5.1.3 (New prime implicant).

Let ϕ and ψ be Kn formulae. A term κ is a new prime implicant of a formula ψ

given ϕ, or simply a ϕ-prime implicant of ψ, if and only if:

1. κ is a prime implicant of ϕ ∨ ψ

2. κ is not an implicant of ϕ

In what follows, however, we will restrict our attention to new prime implicates,

since the corresponding results for new prime implicants follow by duality.

Theorem 5.1.4.

Every ϕ-prime implicant of a formula ψ is equivalent to the negation of a ¬ϕ-prime

implicate of ¬ψ, and vice-versa.

Proof. The proof is entirely similar to the proof of Duality for standard prime

implicates/implicants (Theorem 3.2.5).

5.1.1 Properties of new prime implicates

The following two theorems clarify the relationship between standard and new

prime implicates:

Theorem 5.1.5.

Every ϕ-prime implicate of ψ is a standard prime implicate of ϕ ∧ ψ.

Proof. Follows directly from Definition 5.1.1.

Theorem 5.1.6.

A clause λ is a standard prime implicate of a non-tautologous formula ϕ if and only

if λ is a ⊤-prime implicate of ϕ.

Proof. Follows directly from Definition 5.1.1.

Theorem 5.1.5 allows us to transfer our upper bounds on the size and number

of standard prime implicates to new prime implicates.

Theorem 5.1.7.

For any pair of formulae ϕ and ψ, the length of the smallest clausal representation

of a ϕ-prime implicate of ψ is no more than single exponential in |ϕ| + |ψ|.

Proof. Direct consequence of Theorems 4.1.6 and 5.1.5.

Theorem 5.1.8.

The number of non-equivalent new prime implicates for a given pair of formulae is

no more than double exponential in the sum of the lengths of the two formulae.

Proof. Direct consequence of Theorems 4.1.12 and 5.1.5.

In particular, the latter theorem shows that the number of new prime implicates

is always finite modulo equivalence.

Our lower bounds on the size and number of standard prime implicates can also

be transferred to new prime implicates via Theorem 5.1.6.

Theorem 5.1.9.

The length of the smallest clausal representation of a new prime implicate of a pair

of formulae can be exponential in the sum of the lengths of the formulae.

Proof. Follows directly from Theorems 4.1.7 and 5.1.6.

Theorem 5.1.10.

The number of non-equivalent new prime implicates of a pair of formulae may be

double exponential in the sum of the lengths of the formulae.

Proof. Follows directly from Theorems 4.1.13 and 5.1.6.

Unsurprisingly, the property Covering does not hold for new prime implicates

since they only capture part of a formula’s implicates. We can, however, show them

to satisfy a weaker version of the property:

Theorem 5.1.11.

Every implicate of ϕ ∧ ψ which is not an implicate of ϕ is entailed by some new

prime implicate of ψ given ϕ.

Proof. Consider formulae ϕ and ψ, and some clause λ such that ϕ ∧ ψ |= λ but ϕ ⊭ λ. By the Covering property (Theorem 3.2.8), there is some prime implicate π of ϕ ∧ ψ which implies λ. As ϕ ⊭ λ and π |= λ, it must also be the case that ϕ ⊭ π. It follows that π is a ϕ-prime implicate of ψ.

We also have the following relativized version of Equivalence:

Theorem 5.1.12.

The new prime implicates of ψ given ϕ are equivalent to ψ modulo ϕ.

Proof. For the first direction, let λ be some prime implicate of ϕ ∧ ψ. Now if ϕ |= λ,

we are done. Otherwise, if ϕ ⊭ λ, then λ is a ϕ-prime implicate of ψ, and hence

must be implied by the new prime implicates of ψ given ϕ. It follows then that

ϕ ∧ ψ is implied by the new prime implicates of ψ given ϕ when taken together

with ϕ. The other direction is immediate since the ϕ-prime implicates of ψ are all

implied by ϕ ∧ ψ.

New prime implicates also satisfy a version of the Distribution property:

Theorem 5.1.13.

If λ is a ϕ-prime implicate of ψ1 ∨ ... ∨ ψn, then there exist ϕ-prime implicates λ1,

..., λn of ψ1, ..., ψn such that λ ≡ λ1 ∨ ... ∨ λn.

Proof. The proof is entirely similar to the proof of Distribution for standard prime

implicates (Theorem 3.2.10).

5.1.2 Generating and recognizing new prime implicates

As the ϕ-prime implicates of ψ are just the standard prime implicates of ϕ ∧

ψ which are not implied by ϕ, it follows that one can generate the new prime

implicates of ψ given ϕ by first generating the standard prime implicates of ϕ ∧ ψ

then filtering out those which are entailed by ϕ. The disadvantage of this method

is that we generate all of the standard prime implicates of ϕ ∧ ψ even when very few

of them are new prime implicates. One way to decrease the number of candidates

generated is to use the technique mentioned in Chapter 4 of generating the prime

implicates of a disjunction in an iterative manner. Thus, if we were generating the

new prime implicates of a formula ψ given the formula ϕ, we would first rewrite

ϕ ∧ ψ as a disjunction of terms T1 ∨ ... ∨ Tn, and then we would generate the

new prime implicates of T1 given ϕ, then use them to calculate the new prime

implicates of T1 ∨ T2 given ϕ, and so on until we have the new prime implicates of the

entire disjunction. The correctness of this approach follows from the Distribution

property for new prime implicates (Theorem 5.1.13) together with the fact that the

new prime implicates of ψ given ϕ are the same as the new prime implicates of

ϕ ∧ ψ given ϕ.
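The generate-then-filter method described above, restricted to the propositional fragment of Kn (no modalities) and carried out by brute force over truth assignments. This is an added example, not code from the thesis; the formula phi, the two inputs psi_not_a and psi_clash, and all function names are constructed for illustration.

```python
from itertools import product

def assignments(variables):
    """Yield every truth assignment over `variables` as a dict."""
    for values in product([False, True], repeat=len(variables)):
        yield dict(zip(variables, values))

def holds(clause, assignment):
    """A clause is a frozenset of (variable, polarity) literals.
    The empty clause is never satisfied, so it plays the role of ⊥."""
    return any(assignment[var] == pol for var, pol in clause)

def is_implicate(formula, clause, variables):
    """True iff formula |= clause (formula is a predicate on assignments)."""
    return all(holds(clause, m) for m in assignments(variables) if formula(m))

def all_clauses(variables):
    """Every non-tautologous clause: each variable is absent, positive or negative."""
    for choice in product([None, True, False], repeat=len(variables)):
        yield frozenset((v, p) for v, p in zip(variables, choice) if p is not None)

def prime_implicates(formula, variables):
    """Standard prime implicates of a propositional formula.
    For non-tautologous propositional clauses, c' |= c iff c' is a subset of c,
    so the prime implicates are the subset-minimal implicates. A tautologous
    formula has no non-tautologous implicate and yields the empty set."""
    implicates = [c for c in all_clauses(variables)
                  if is_implicate(formula, c, variables)]
    return {c for c in implicates if not any(d < c for d in implicates)}

def new_prime_implicates(phi, psi, variables):
    """Definition 5.1.1: prime implicates of phi ∧ psi that are not implicates of phi."""
    both = lambda m: phi(m) and psi(m)
    return {c for c in prime_implicates(both, variables)
            if not is_implicate(phi, c, variables)}

def equivalent_modulo(phi, psi, variables):
    """Theorem 5.1.12 on this input: phi together with the new prime
    implicates of psi given phi has the same models as phi ∧ psi."""
    new = new_prime_implicates(phi, psi, variables)
    return all((phi(m) and psi(m)) == (phi(m) and all(holds(c, m) for c in new))
               for m in assignments(variables))

def show(clause):
    """Render a clause as text; the empty clause is printed as ⊥."""
    return " ∨ ".join(sorted(("" if p else "¬") + v for v, p in clause)) or "⊥"

# Constructed sample input (not from the thesis).
VARS = ["a", "b", "d", "e"]
phi = lambda m: (m["a"] or m["b"]) and (m["d"] or m["e"])  # background knowledge
psi_not_a = lambda m: not m["a"]                  # new information: ¬a
psi_clash = lambda m: not m["a"] and not m["b"]   # new information contradicting phi

if __name__ == "__main__":
    for name, psi in [("¬a", psi_not_a), ("¬a ∧ ¬b", psi_clash)]:
        both = lambda m, psi=psi: phi(m) and psi(m)
        print("psi =", name)
        print("  prime implicates of phi ∧ psi:",
              sorted(show(c) for c in prime_implicates(both, VARS)))
        print("  new prime implicates given phi:",
              sorted(show(c) for c in new_prime_implicates(phi, psi, VARS)))
        print("  equivalent to psi modulo phi:", equivalent_modulo(phi, psi, VARS))
```

On the first input the clause d ∨ e is generated as a prime implicate of ϕ ∧ ψ and then discarded because ϕ already entails it, which is the wasted work the iterative method is meant to reduce.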

As for the complexity of recognizing new prime implicates, it is easy to see that

recognizing new prime implicates is no harder than recognizing standard prime

implicates.

Theorem 5.1.14.

The problem of recognizing new prime implicates is Pspace-complete.

Proof. To decide whether a clause λ is a new prime implicate of ψ given ϕ, we simply

check whether ϕ |= λ and then check whether λ is a prime implicate of ϕ ∧ ψ. As

both standard prime implicate recognition and entailment can be accomplished in

polynomial space (Theorems 2.5.7 and 4.2.22), we have membership in Pspace.

For hardness, we use Theorem 5.1.6 which shows how standard prime implicate

recognition can be reduced to new prime implicate recognition.

5.2 Signature-bounded prime implicates

Another natural restriction is to consider only those consequences which belong

to a given signature. This notion has been extensively studied in propositional and

first-order logic (cf. [Ino92], [del99], [Mar00]).

Definition 5.2.1 (Signature-bounded prime implicate).

Let L be a signature. A clause λ is a signature-bounded prime implicate of ϕ with

respect to L, or simply an L-prime implicate of ϕ, if and only if:

1. λ is an implicate of ϕ

2. sig(λ) ⊆ L

3. If λ′ is an implicate of ϕ such that sig(λ′) ⊆ L and λ′ |= λ, then λ |= λ′

Let us illustrate the notion of signature-bounded prime implicates with a quick

example:

Example 5.2.2.

Consider the formula ϕ =

(a ∨ b) ∧ □₁(¬b ∨ c) ∧ (b ∨ ◇₁b) ∧ ◇₂a ∧ ◇₂e ∧ □₂(b ∧ (a ∨ c)) ∧ □₂d

that was introduced in Example 3.2.11. There are no {a}-prime implicates or {1}-prime implicates of ϕ. There is a single {2}-prime implicate of ϕ, namely ◇₂⊤. There is a single {1, b}-prime implicate: b ∨ ◇₁b. The three {2, a, b}-prime implicates of ϕ are a ∨ b, ◇₂(a ∧ b), and □₂b. The three {2, a, b, d}-prime implicates of ϕ are a ∨ b, ◇₂(a ∧ b ∧ d), and □₂(b ∧ d).

Signature-bounded prime implicants can be defined in the same manner. This

notion is useful in abductive reasoning when we want to restrict our attention to

only those explanations built from a given set of symbols.

Definition 5.2.3 (Signature-bounded prime implicant).

Let L be a signature. A term κ is a signature-bounded prime implicant of ϕ with

respect to L, or simply an L-prime implicant of ϕ, if and only if:

1. κ is an implicant of ϕ

2. sig(κ) ⊆ L

3. If κ′ is an implicant of ϕ such that sig(κ′) ⊆ L and κ |= κ′, then κ′ |= κ

However, as the following result demonstrates, it is sufficient to restrict our

attention to signature-bounded prime implicates.

Theorem 5.2.4.

Every L-prime implicant of a formula ϕ is equivalent to the negation of an L-prime

implicate of ¬ϕ, and vice-versa.

Proof. The proof proceeds analogously to the proof of Duality for standard prime

implicates/implicants (Theorem 3.2.5).

5.2.1 Properties of signature-bounded prime implicates

We remark that we can recover the standard notion of prime implicates by

setting L equal to the signature of the formula in question.

Theorem 5.2.5.

Every standard prime implicate of ϕ is a sig(ϕ)-prime implicate of ϕ.

In propositional logic, every L-prime implicate is also a standard prime implicate. The same is not true for Kn formulae:

Example 5.2.6.

Consider the formula ϕ =

(a ∨ b) ∧ □₁(¬b ∨ c) ∧ (b ∨ ◇₁b) ∧ ◇₂a ∧ ◇₂e ∧ □₂(b ∧ (a ∨ c)) ∧ □₂d

from Examples 3.2.11 and 5.2.2. Then ◇₂⊤ is a {2}-prime implicate of ϕ, and b ∨ ◇₁b is a {1, b}-prime implicate of ϕ, but neither clause is a standard prime implicate of ϕ.

There are however some weaker relationships holding between standard and

L-prime implicates:

Theorem 5.2.7.

Every L-prime implicate of a formula ϕ is equivalent to some prime implicate of

an L-interpolant of ϕ, and vice-versa.

Proof. For the first direction, consider some L-prime implicate λ of ϕ and some

L-interpolant ψ of ϕ. As sig(λ) ⊆ L, it must be the case that ψ implies λ. But

then by Covering (Theorem 3.2.8), there must be some standard prime implicate

π of ψ such that π |= λ. Because of Theorem 4.1.5, we can assume that π has

signature in L. It follows then that λ |= π, hence λ ≡ π.

For the second direction, let π be a prime implicate of an L-interpolant ψ of ϕ.

Because of Theorem 4.1.5, we know that π is equivalent to some clause π′ with

signature in L. Now let λ be a clause such that ϕ |= λ |= π′ and sig(λ) ⊆ L. As

sig(λ) ⊆ L, it must be the case that ψ |= λ. Moreover, we know that π (and hence

π′) is a prime implicate of ψ, so π′ |= λ. It follows that π′ is an L-prime implicate

of ϕ, which means π is equivalent to some L-prime implicate of ϕ.

Theorem 5.2.8.

Every L-prime implicate of a formula ϕ is equivalent to the L-interpolant of some

prime implicate of ϕ.

Proof. Let λ be an L-prime implicate of ϕ. Because of the Covering property

(Theorem 3.2.8), we can find some prime implicate π of ϕ such that π |= λ. Now

let π′ be the L-interpolant of π which is computed by LangInt. We know from

Theorem 2.6.9 that π′ is a clause. As π |= λ and sig(λ) ⊆ L, it follows that π′ |= λ,

and hence λ |= π′, so λ ≡ π′.

The converse of Theorem 5.2.8 does not hold as there are prime implicates whose

L-interpolants are not L-prime implicates, as the following example demonstrates.

Example 5.2.9.

The clause ◇₁a is the {a, c, 1}-interpolant of the prime implicate ◇₁(a ∧ b) of ϕ = ◇₁(a ∧ b) ∧ ◇₁(a ∧ c), but ◇₁a is not an {a, c, 1}-prime implicate of ϕ.

One consequence of Theorem 5.2.8 is that the number of L-prime implicates is

bounded above by the number of prime implicates.

Theorem 5.2.10.

The number of non-equivalent L-prime implicates of a formula is no more than

double exponential in the length of the formula.

Proof. Direct consequence of Theorems 4.1.12 and 5.2.8.

We can also transfer our upper bound on the size of standard prime implicates

to signature-bounded prime implicates.

Theorem 5.2.11.

The length of the smallest clausal representation of an L-prime implicate of a formula is no more than single exponential in the length of the formula.

Proof. Let λ be an L-prime implicate of a formula ϕ. By Covering (Theorem

3.2.8), we know that there must be some standard prime implicate π of ϕ such that

π |= λ. From the proof of Theorem 4.1.6, we can assume without loss of generality

that π is a clause with at most 2^{|ϕ|} disjuncts, each having length at most 2|ϕ|. Now

we can apply the function LangInt to π to obtain a formula π′. By Theorem 2.6.6

and Lemma 2.6.9, we know that π′ is a clause and the L-interpolant of π. Since

π |= λ and sig(λ) ⊆ L and π′ is the L-interpolant of π, it follows that π′ |= λ. But

λ is assumed to be an L-prime implicate of ϕ, so we must also have λ ≡ π′.

It remains to be shown that the length of π′ is only single exponential in |ϕ|.

We remark that the function LangInt treats each of the disjuncts of π separately.

Moreover, by Theorem 2.6.7, the output of LangInt is single exponential in the

size of the input formula. In other words, we can find some polynomial function f

such that the output of LangInt on input ψ has length at most 2^{f(|ψ|)}. But that

means that the formula π′ has length at most 2^{|ϕ|} ∗ (2^{f(2|ϕ|)} + 1), since there are

no more than 2^{|ϕ|} disjuncts, each having size at most 2^{f(2|ϕ|)} (the extra 1 is for

the disjunction symbols connecting the disjuncts). This proves the result since this

expression is clearly single exponential in |ϕ|.

Our lower bounds on the number and size of standard prime implicates also

carry over to L-prime implicates thanks to Theorem 5.2.5.

Theorem 5.2.12.

The number of non-equivalent L-prime implicates of a formula may be double exponential in the length of the formula.

Proof. Follows directly from Theorems 4.1.13 and 5.2.5.

Theorem 5.2.13.

The length of the smallest clausal representation of an L-prime implicate of a formula can be exponential in the length of the formula.

Proof. Follows directly from Theorems 4.1.7 and 5.2.5.

Using Theorem 5.2.7, we can infer the following proposition which can be seen

as a weaker version of the Covering property.

Theorem 5.2.14.

Every implicate of ϕ with signature contained in L is entailed by some L-prime

implicate of ϕ.

Proof. Let ϕ be a formula, and let λ be some implicate of ϕ with sig(λ) ⊆ L.

We know that λ must be implied by every L-interpolant of ϕ, and therefore by

Covering (Theorem 3.2.8), we can find some prime implicate π of an L-interpolant

of ϕ such that π |= λ. According to Theorem 5.2.7, there must be some L-prime

implicate π′ of ϕ which is equivalent to π, which means we have found an L-prime

implicate of ϕ which entails λ.

A weaker version of Equivalence holds as well:

Theorem 5.2.15.

The set of L-prime implicates of a formula is equivalent to the L-interpolant of the

formula.

Proof. For the first direction, let ϕ be a formula, and let π be some prime implicate

of the L-interpolant of ϕ′. By Theorem 5.2.7, the clause π is equivalent to, and

hence implied by, some L-prime implicate of ϕ. Using the Equivalence property

for standard prime implicates (Theorem 3.2.9), we find that the set of L-prime

implicates of ϕ implies the L-interpolant of ϕ. The other direction is immediate

since the L-interpolant of ϕ must by definition imply each of the L-prime implicates of ϕ.

The Distribution property can also be formulated for L-prime implicates:

Theorem 5.2.16.

If λ is an L-prime implicate of ϕ1 ∨ ... ∨ ϕn, then there exist L-prime implicates

µ1, ..., µn of ϕ1, ..., ϕn such that λ ≡ µ1 ∨ ... ∨ µn.

Proof. Very similar to the proof for standard prime implicates (Theorem 3.2.10).

5.2.2 Generating signature-bounded prime implicates

There are a couple of different ways of exploiting GenPI in the computation of

signature-bounded prime implicates. A first possibility would be to take advantage

of Theorem 5.2.8 which tells us that the L-prime implicates of a formula are the logically strongest clauses among the L-interpolants of the formula’s prime implicates.

This means that we can generate the L-prime implicates of a formula by first using

GenPI to obtain the formula’s prime implicates, then taking the L-interpolants

of the prime implicates, and finally comparing the resulting clauses to isolate the

logically strongest ones. Another possibility would be to replace the input formula

by its L-interpolant and then call GenPI to generate the prime implicates of the

L-interpolant. Because of Theorem 5.2.7, we know that the clauses outputted by

GenPI will be exactly the L-prime implicates of the original formula.

Both of the above methods yield L-prime implicates which are at most single-exponentially larger than the input formula. This was shown for the first method in the proof of Theorem 5.2.11. For the second method, we use the fact that LangInt(ϕ,L) is already a disjunction of terms, so applying Dnf to LangInt(ϕ,L) does not increase its length. This means that there will be only single-exponentially many disjuncts in each clause in Candidates, and that the disjuncts of these clauses will be at most single-exponentially large.

Is there any reason to prefer one method over the other? In fact, there is. We remark that in the second method, we can eliminate weaker elements in Candidates by using standard prime implicate recognition, whereas with the first method, we need to perform L-prime implicate recognition (or resort to a pairwise comparison of the elements in Candidates). As we shall see in the following section, L-prime implicate recognition is of higher complexity than standard prime implicate recognition, leading us to privilege the second generation strategy.

5.2.3 Recognizing signature-bounded prime implicates

We know from Example 5.2.6 that L-prime implicates may not be standard

prime implicates, which means that the Pspace-completeness result for standard

prime implicate recognition is not much help to us. Indeed, it turns out that

L-prime implicate recognition is considerably more difficult computationally than

standard prime implicate recognition. We can show this task to be CoNExptime-hard:

Theorem 5.2.17.

L-prime implicate recognition is CoNExptime-hard.

Proof. The proof is via a reduction of the conservative extension decision problem for K = K1 formulae to the L-prime implicate recognition problem. We recall that a formula ϕ1 ∧ ϕ2 is a conservative extension of ϕ1 if and only if for every formula ψ with var(ψ) ⊆ var(ϕ1) we have ϕ1 ∧ ϕ2 |= ψ only if ϕ1 |= ψ. We will show that ϕ1 ∧ ϕ2 is a conservative extension of ϕ1 if and only if ◇₁Nnf(ϕ1) is a var(ϕ1) ∪ {1}-prime implicate of ◇₁(ϕ1 ∧ ϕ2). As the conservative extension decision problem for K formulae was proven CoNExptime-complete in [GLWZ06], it follows that L-prime implicate recognition must be CoNExptime-hard.

For the first direction, let us suppose that ϕ1 ∧ ϕ2 is a conservative extension of ϕ1. It follows that ϕ1 is a var(ϕ1) ∪ {1}-interpolant of ϕ1 ∧ ϕ2. Using Lemma 2.6.10, we then find that ◇₁ϕ1 is a var(ϕ1) ∪ {1}-interpolant of ◇₁(ϕ1 ∧ ϕ2). That means that if λ is a clause such that sig(λ) ⊆ var(ϕ1) ∪ {1} and ◇₁(ϕ1 ∧ ϕ2) |= λ |= ◇₁ϕ1, we must also have ◇₁ϕ1 |= λ. This means that the clause ◇₁Nnf(ϕ1) ≡ ◇₁ϕ1 must be a var(ϕ1) ∪ {1}-prime implicate of the formula ◇₁(ϕ1 ∧ ϕ2).

For the other direction, suppose that ◇₁Nnf(ϕ1) is a var(ϕ1) ∪ {1}-prime implicate of ◇₁(ϕ1 ∧ ϕ2). That means that for every clause λ with sig(λ) ⊆ var(ϕ1) ∪ {1} and ◇₁(ϕ1 ∧ ϕ2) |= λ |= ◇₁Nnf(ϕ1), we have ◇₁Nnf(ϕ1) |= λ. In particular, if ◇₁ψ is a clause with signature in var(ϕ1) ∪ {1} such that ◇₁(ϕ1 ∧ ϕ2) |= ◇₁ψ |= ◇₁Nnf(ϕ1), then ◇₁Nnf(ϕ1) |= ◇₁ψ. It follows then from Theorem 2.3.1 and the fact that Nnf is equivalence- and signature-preserving (Theorem 2.4.2) that for every formula ψ which is implied by ϕ1 ∧ ϕ2 and with sig(ψ) ⊆ var(ϕ1) ∪ {1}, we have ϕ1 |= ψ, i.e. ϕ1 is a var(ϕ1) ∪ {1}-interpolant of ϕ1 ∧ ϕ2. It follows that ϕ1 ∧ ϕ2 is a conservative extension of ϕ1.

We now provide an Expspace upper bound. Our proof makes reference to the

algorithm TestLangPI defined below:

Algorithm 5.1 TestLangPI

Input: a formula ϕ, a clause λ, and a signature L

Output: yes if λ is not an L-prime implicate of ϕ, and no otherwise

(1) If Entails(ϕ, λ)=no or sig(λ) ⊈ L, return yes.

(2) Guess some clause π of length at most 2^{|ϕ|} ∗ (2^{f(2|ϕ|)} + 1) with signature in L.

(3) If Entails(ϕ, π)=no or Entails(π, λ)=no, then return no.

(4) If Entails(λ, π)=no, return yes. Otherwise, return no.

Note: in Step 2, we let f be some function such that |LangInt(ψ,L)| ≤ 2^{f(|ψ|)} on every input (ψ,L). The existence of such a function is guaranteed by Corollary 2.6.8.

Theorem 5.2.18.

L-prime implicate recognition is in Expspace.

Proof. We will show that the non-deterministic algorithm TestLangPI decides

the complement of the L-prime implicate recognition problem, and moreover that

it runs using only single exponential space. This is sufficient to prove the result

since CoNExpspace=Expspace.

We start by showing the correctness of our procedure. First suppose that λ is not an L-prime implicate of ϕ. Then either λ is not an implicate of ϕ, or it does not have signature in L, or there is some L-prime implicate ζ of ϕ such that ζ |= λ ⊭ ζ. In the first two cases, the algorithm will return yes in Step 1. In the third case, we proceed to Step 2 where we guess a clause of length at most 2^{|ϕ|} ∗ (2^{f(2|ϕ|)} + 1) and with signature in L. We know from the proof of Theorem 5.2.11 that every L-prime implicate of ϕ must be equivalent to some clause with signature in L and with length at most 2^{|ϕ|} ∗ (2^{f(2|ϕ|)} + 1). It follows then that in Step 2 we can choose the clause π so that π ≡ ζ, which means we will satisfy the tests in Step 3 and proceed on to Step 4. In this step, we test whether λ ⊭ π. As we know that λ ⊭ ζ and ζ ≡ π, we must also have λ ⊭ π, so the algorithm will return yes in Step 4.

Next suppose that λ is an L-prime implicate of ϕ. Then the tests in Step 1 will not succeed, and we will go directly to Step 2, where we guess some clause π of length at most 2^{|ϕ|} ∗ (2^{f(2|ϕ|)} + 1) and with signature in L. If π does not satisfy the required conditions, then we will output no in Step 3. Otherwise, in Step 4, we will test whether λ ⊭ π. Now since λ is an L-prime implicate of ϕ and π is a clause with signature in L such that ϕ |= π |= λ, it follows that λ |= π, so we will return no.

Now we consider the spatial complexity of TestLangPI. The first step runs in polynomial space in |ϕ| + |λ| by Theorem 2.5.7. The second step takes single-exponential space since we guess a clause of length at most 2^{|ϕ|} ∗ (2^{f(2|ϕ|)} + 1) (and f is assumed to be a polynomial function). Steps 3 and 4 also require at most single-exponential space since we are performing entailment tests on formulae with length at most single-exponentially larger than |ϕ| + |λ|.

The exact complexity of L-prime implicate recognition is currently unknown, but

we conjecture that the problem is CoNExptime-complete.

6 Prime Implicate Normal Form

In this chapter, we introduce a normal form for Kn formulae which is based upon

the notion of prime implicate studied in the previous chapters. We investigate the

properties of our normal form, showing in particular that entailment between formulae

in prime implicate normal form can be carried out in quadratic time using a simple

structural comparison algorithm. We also show that uniform interpolation is tractable

for formulae in our normal form. Afterwards, we propose an algorithm for putting

concepts into prime implicate normal form, and we investigate the spatial complexity

of this transformation, showing there to be an at most double exponential blowup in

formula size. At the end of the chapter, we compare our normal form to other normal

forms previously proposed in the literature.

6.1 Motivation

As we mentioned in Chapter 1, knowledge compilation is a technique for dealing with the high complexity of reasoning which consists in a preliminary off-line phase in which a knowledge base is transformed into an equivalent base which allows for tractable reasoning, followed by a second online phase in which reasoning is performed on the compiled knowledge base. One well-known target language for knowledge compilation in propositional logic is prime implicate normal form, in which a formula is represented as the conjunction of its prime implicates. A natural idea would be to use our selected definition of prime implicate to define in an analogous manner a notion of prime implicate normal form for Kn formulae. Unfortunately, the normal form we obtain satisfies few of the nice properties of the propositional case. For instance, we find that entailment between two Kn formulae in prime implicate normal form is no easier than between arbitrary Kn formulae. To see why, consider any pair of formulae ϕ1 and ϕ2 in negation normal form. The formulae ◇ϕ1 and ◇ϕ2 are their own prime implicates and hence would be in prime implicate normal form if we used the naïve definition. As ϕ1 entails ϕ2 just in the case that ◇ϕ1 entails ◇ϕ2, we can reduce entailment between arbitrary formulae in NNF to entailment between formulae in prime implicate normal form. As the former problem is known to be Pspace-complete (by Corollary 2.5.2), it follows that the latter is Pspace-complete as well.

This appears to be quite a disappointing result as one would hope that the

computational difficulty of representing a formula by its prime implicates would be

offset by some good computational properties of the resulting formula. As it turns

out, however, the problem lies not in our definition of prime implicates but rather

in the naïve way of defining prime implicate normal form. Indeed, in this chapter,

we propose a more sophisticated definition of prime implicate normal form, which

takes as its basis our selected notion of prime implicate but places some additional

restrictions on the way the prime implicates are represented.

6.2 Definition of Prime Implicate Normal Form

The disappointing behavior of the naïve definition of prime implicate normal

form appears to stem at least partly from the fact that the formulae behind the

modalities are left undecomposed. It seems then that we should require not only

that the original formula be represented by its prime implicates but also that the

sub-formulae appearing in the prime implicates be themselves represented by their

prime implicates. This intuition is at the heart of our definition of prime implicate

normal form for Kn formulae:

Definition 6.2.1 (Prime Implicate Normal Form).

A formula ϕ is in prime implicate normal form if and only if it satisfies one of the

following conditions:

1. ϕ = ⊥

2. ϕ = ⊤

3. ϕ ⊭ ⊥ and ⊭ ϕ and ϕ = λ1 ∧ ... ∧ λp where

(a) λi ⊭ λj for i ≠ j

(b) each prime implicate of ϕ is equivalent to some conjunct λi

(c) every λi is such that

i. if θ is a disjunct of λi, then λi ≢ λi \ {θ}

ii. |Diamₖ(λi)| ≤ 1 for every 1 ≤ k ≤ n

iii. if ψ ∈ Diamₖ(λi) ∪ Boxₖ(λi) for some 1 ≤ k ≤ n, then ψ is in prime implicate normal form

iv. if ψ ∈ Diamₖ(λi) and ζ ∈ Boxₖ(λi) for some 1 ≤ k ≤ n, then ψ |= ζ

Let us briefly go over the different points of the definition. The first two items

state that all unsatisfiable formulae must be represented as ⊥ and all tautologous

formulae must be represented as ⊤. All other formulae are to be represented by a

conjunction of their prime implicates, but we place some strong restrictions on how

the prime implicates themselves are represented. First, we require that they contain

no unnecessary disjuncts (part (i) of 3c). We also stipulate that they contain at

most one ◇ₖ-disjunct for each k (part (ii)) and that the formulae appearing behind

the modalities be themselves in prime implicate normal form (part (iii)). Finally, we

demand that if a prime implicate contains disjuncts ◇ₖψ and □ₖζ then ψ and ζ are

such that ψ |= ζ (part (iv)). This requirement may seem a little less intuitive than

the others, but it ensures that if a □ₖ-formula entails a clause, then it entails some

□ₖ-formula appearing in the clause¹. This property is crucial since it will allow our

algorithm for entailment-testing to treat the universal modalities separately from

the existential ones.

We remark that in the case of propositional formulae, our definition of prime

implicate normal form coincides with the standard propositional definition.

Example 6.2.2.

Some examples of clauses which are not in prime implicate normal form:

• λ1 = □₁b ∨ ◇₁c, since c ⊭ b

• λ2 = ◇₁(b ∧ □₂⊥) ∨ ◇₁(c ∨ d) ∨ a, since |Diam1(λ2)| = 2

• λ3 = ◇(a ∧ ¬a) since λ3 |= ⊥ but λ3 ≠ ⊥

• λ4 = □₁(a ∨ □₂(b ∨ ¬b)) since |= λ4 but λ4 ≠ ⊤

• λ5 = a ∨ □₁(a ∧ b) ∨ □₁(a ∧ b ∧ ¬c), since λ5 ≡ λ5 \ {□₁(a ∧ b ∧ ¬c)}

• λ6 = □₁((a ∧ b) ∨ c) since (a ∧ b) ∨ c is not in prime implicate normal form

Example 6.2.3.

Some examples of general formulae which are not in prime implicate normal form:

• ϕ1 = (a ∨ ◇₂c) ∧ (¬a ∨ c), since the prime implicate c ∨ ◇₂c is not equivalent

to any conjunct of ϕ1

• ϕ2 = a ∧ (a ∨ □₃b), since a |= (a ∨ □₃b)

• ϕ3 = (a ∨ ¬d) ∧ □₁((a ∧ b) ∨ c), since the subformula (a ∧ b) ∨ c of ϕ3 is not

in prime implicate normal form

1. This does not hold in general: □a |= ◇a ∨ □b but □a ⊭ □b.

Example 6.2.4.

Some examples of clauses which are in prime implicate normal form:

• a ∨ □₂□₁d, since:

  – no unnecessary disjuncts, nor any ◇-disjuncts

  – d is in prime implicate normal form, and hence so is □₁d

• ¬a ∨ ◇₂(a ∧ b), since:

  – no unnecessary disjuncts or □-disjuncts

  – a single ◇₂-disjunct

  – a ∧ b is in prime implicate normal form

• □₁((a ∨ ◇₂⊤) ∧ (□₂⊥ ∨ c) ∧ (a ∨ c)), since:

  – consists of a single □-literal, so satisfies trivially conditions 3(c)(i), 3(c)(ii), and 3(c)(iv)

  – the subformula a ∨ ◇₂⊤ is in prime implicate normal form since it contains no unnecessary disjuncts or □-disjuncts, a single ◇₂-disjunct, and ⊤ is in prime implicate normal form

  – the subformula □₂⊥ ∨ c is in prime implicate normal form since it contains no unnecessary disjuncts nor ◇-disjuncts, and ⊥ is in prime implicate normal form

  – (a ∨ ◇₂⊤) ∧ (□₂⊥ ∨ c) ∧ (a ∨ c) is in prime implicate normal form since it contains no unnecessary conjuncts, and its conjuncts are its only prime implicates and are themselves in prime implicate normal form (see previous two bullets)

• □₂((□₁d ∨ a) ∧ (□₁d ∨ b)) ∨ ◇₂(a ∧ b), since:

  – no unnecessary disjuncts

  – only a single ◇₂-disjunct

  – a ∧ b is in prime implicate normal form

  – (□₁d ∨ a) ∧ (□₁d ∨ b) is in prime implicate normal form, since its conjuncts are its only prime implicates, there are no redundant conjuncts, and both conjuncts are themselves in prime implicate normal form

  – we have a ∧ b |= (□₁d ∨ a) ∧ (□₁d ∨ b)

Example 6.2.5.

Consider the formula ϕ defined as follows

(a ∨ □₂□₁d)

∧ (¬a ∨ ◇₂(a ∧ b))

∧ (□₂((□₁d ∨ a) ∧ (□₁d ∨ b)) ∨ ◇₂(a ∧ b))

∧ □₁((a ∨ ◇₂⊤) ∧ (□₂⊥ ∨ c) ∧ (a ∨ c))

∧ ◇₁(a ∧ ¬c ∧ □₂⊥)

We would like to show that ϕ is in prime implicate normal form. We first note that

ϕ is neither a contradiction nor a tautology, so part 3 of Definition 6.2.1 applies.

We then note that every prime implicate of ϕ is equivalent to a conjunct of ϕ.

This is because ϕ is equivalent to the formula in Example 4.1.16, and each of the

prime implicates from Example 4.1.16 is equivalent to one of the conjuncts of ϕ.

Moreover, none of the conjuncts of ϕ entails one of the other conjuncts, as can easily

be verified. Finally, we know from Example 6.2.4 that the first four conjuncts of ϕ

satisfy conditions 3(c)(i)-3(c)(iv), and the same can be shown for its final conjunct

◇₁(a ∧ ¬c ∧ □₂⊥) (since □₂⊥, and hence a ∧ ¬c ∧ □₂⊥, is in prime implicate

normal form).

We will show later in the chapter (Theorem 6.4.3) that, under Definition 6.2.1,

every formula can be rewritten as an equivalent formula in prime implicate normal

form. We first motivate the interest of doing so by exhibiting some of the desirable

properties of formulae in prime implicate normal form.

6.3 Properties of Prime Implicate Normal Form

In this section, we show that prime implicate normal form has some nice properties

which make it an interesting target language for knowledge compilation.

6.3.1 Tractable entailment

The most important criterion when selecting a normal form for knowledge compilation

is the set of polynomial time queries that the normal form supports. In

[DM02], the authors enumerate a set of queries which they then use to compare different

normal forms for propositional logic. Of the eight queries they consider, only

four are well-defined² for Kn: satisfiability-testing, tautology-testing, entailment,

and equivalence-testing. We show that for formulae in prime implicate normal form,

all four queries are computable in polynomial time.

For satisfiability and tautology-testing, there is really nothing to prove since by

definition a formula ϕ in prime implicate normal form is unsatisfiable just in the

case that ϕ = ⊥ and is tautologous just in the case that ϕ = ⊤. It follows that

these tasks can be carried out in constant time.

For entailment and equivalence, we introduce a structural comparison algorithm

Π-Entail which decides entailment between formulae in prime implicate normal form.

2. For example, clausal entailment is under-specified since there are many possible definitions

of clauses in Kn, and model counting makes little sense since every formula has infinitely many

distinct models.

Algorithm 6.1 Π-Entail

Input: formulae ϕ1 and ϕ2, both in prime implicate normal form

Output: yes if ϕ1 |= ϕ2, and no otherwise

(1) If ϕ1 = ⊥ or ϕ2 = ⊤, return yes.

(2) If ϕ1 = ⊤ and ϕ2 ≠ ⊤, or ϕ2 = ⊥ and ϕ1 ≠ ⊥, return no.

(3) For each conjunct λ of ϕ2

    Set MatchFound = no

    For each conjunct θ of ϕ1

        If MatchFound = no, then set MatchFound = yes if the following three conditions are satisfied:

        (a) Prop(θ) ⊆ Prop(λ)

        (b) if ψ ∈ Diamk(θ), then there is ψ′ ∈ Diamk(λ) such that Π-Entail(ψ, ψ′) = yes

        (c) if ψ ∈ Boxk(θ), then there is some ψ′ ∈ Boxk(λ) such that Π-Entail(ψ, ψ′) = yes

    If MatchFound = no, return no.

Return yes.

Let us explain briefly the functioning of Π-Entail. The first two steps treat

limit cases where one or both of the formulae is unsatisfiable or tautologous. For

all other pairs of formulae, we proceed to Step 3, in which we perform a structural

comparison of the two formulae. We know that a formula ϕ1 entails a formula

ϕ2 in prime implicate normal form just in the case that ϕ1 entails each of the

conjuncts of ϕ2. Moreover, it follows from the Covering property (Theorem 3.2.8)

that ϕ1 entails a clausal conjunct λ of ϕ2 if and only if some prime implicate of

ϕ1 entails λ. As formulae in prime implicate normal form are conjunctions of their

prime implicates, testing whether ϕ1 entails ϕ2 comes down to testing whether

each conjunct of ϕ2 is entailed by some conjunct of ϕ1. If we hadn’t placed any

requirements on the form of the conjuncts, then this problem would be as hard as

entailment in general. But since ϕ1 and ϕ2 are in prime implicate normal form,

their conjuncts have a particular structure which makes subsumption easy to test.

We first check that the propositional literals in the first conjunct all appear in

the second conjunct. We then call Π-Entail on sub-formulae appearing in the

two conjuncts in order to ensure that each ◇- or □-formula appearing in the first

conjunct entails some ◇- or □-formula in the second. The algorithm performs these

checks on each possible pair of conjuncts and returns no if it finds some conjunct

of ϕ2 which does not subsume any conjunct of ϕ1. If no such conjunct is found,

the algorithm returns yes since every conjunct of ϕ2 has been shown to be implied

by some conjunct of ϕ1, which means that ϕ1 entails ϕ2.

We illustrate the functioning of the algorithm on an example:

Example 6.3.1.

Let ϕ be defined as in Example 6.2.5:

(a ∨ □₂□₁d)

∧ (¬a ∨ ◇₂(a ∧ b))

∧ (□₂((□₁d ∨ a) ∧ (□₁d ∨ b)) ∨ ◇₂(a ∧ b))

∧ □₁((a ∨ ◇₂⊤) ∧ (□₂⊥ ∨ c) ∧ (a ∨ c))

∧ ◇₁(a ∧ ¬c ∧ □₂⊥)

and let ψ be the formula

(a ∨ b ∨ □₂a ∨ □₂□₁(d ∨ ◇₂a)) ∧ (¬c ∨ ◇₁(a ∧ b))

We showed in Example 6.2.5 that ϕ is in prime implicate normal form, and it can

be verified that this is also the case for ψ. We can thus use Π-Entail to decide

whether ϕ |= ψ. The algorithm will proceed directly to Step 3 as neither ϕ nor ψ

is equal to ⊤ or ⊥.

In Step 3, we consider each of the conjuncts of ψ in turn. We start with

the first conjunct of ψ which is a ∨ b ∨ □₂a ∨ □₂□₁(d ∨ ◇₂a). The variable

MatchFound is initialized to no, and we then select the first conjunct of ϕ which

is a ∨ □₂□₁d. This pair of conjuncts satisfies condition (a) since {a} ⊆ {a, b}.

Condition (b) is trivially satisfied since there are no ◇-disjuncts in a ∨ □₂□₁d. To

determine whether condition (c) holds for the pair of conjuncts, we need to check

whether either Π-Entail(□₁d, a)=yes or Π-Entail(□₁d, □₁(d ∨ ◇₂a))=yes. We

have Π-Entail(d, a)=no since the two input formulae consist of a single clause,

and {d} ⊈ {a}. To determine the value of Π-Entail(□₁d, □₁(d ∨ ◇₂a)), we

must recursively call Π-Entail on the pair of formulae behind the □₁ operators.

We have Π-Entail(d, d ∨ ◇₂a)=yes since {d} ⊆ {d}, and hence Π-Entail(□₁d,

□₁(d ∨ ◇₂a))=yes. We have thus shown that this pair of conjuncts satisfies all

three conditions, so we set MatchFound = yes.

As we have found a match for the first conjunct of ψ, we will move on to the

second conjunct which is ¬c ∨ ◇₁(a ∧ b). We reset MatchFound to no, and we

then consider the first conjunct of ϕ, which fails condition (a) since {a} ⊈ {¬c}.

The second conjunct of ϕ also fails condition (a) since {¬a} ⊈ {¬c}. The third

conjunct fails condition (b) since ¬c ∨ ◇₁(a ∧ b) has no ◇₂-disjuncts. The fourth

conjunct fails condition (c) since ¬c ∨ ◇₁(a ∧ b) has no □-formulae as disjuncts.

Finally, to decide whether the fifth conjunct of ϕ constitutes a match, we call

Π-Entail(a ∧ ¬c ∧ □₂⊥, a ∧ b). We find a match for the first conjunct a of a ∧ b.

We do not however find a match for the second conjunct b since the conjuncts a

and ¬c both falsify condition (a) and the conjunct □₂⊥ has no propositional part.

Thus, Π-Entail(a ∧ ¬c ∧ □₂⊥, a ∧ b)=no, which means that the fifth conjunct of

ϕ does not satisfy condition (c) and MatchFound will still be no at the end of the

for-loop. It follows that Π-Entail will return no for the pair of formulae (ϕ, ψ),

which is the correct answer since ϕ ⊭ ψ.

We now prove that Π-Entail behaves as desired when the input formulae are

in prime implicate normal form.

Lemma 6.3.2.

If ϕ1 and ϕ2 are both in prime implicate normal form, then the algorithm Π-Entail

outputs yes on input (ϕ1, ϕ2) if ϕ1 |= ϕ2.

Proof. The proof is by induction on min(δ(ϕ1), δ(ϕ2)). We begin with the base case

where ϕ1 |= ϕ2 and min(δ(ϕ1), δ(ϕ2)) = 0, i.e. where one or both of ϕ1 and ϕ2

is propositional. There are three possibilities: either ϕ1 |= ⊥, or |= ϕ2, or neither

ϕ1 |= ⊥ nor |= ϕ2. In the first case, ϕ1 must be ⊥ (otherwise ϕ1 would not be in

prime implicate normal form), so the algorithm will return yes in Step 1. Similarly,

in the second case, we must have ϕ2 = ⊤, so the algorithm returns yes in the first

step.

Let us then concentrate on the third case in which ϕ1 ⊭ ⊥ and ⊭ ϕ2. Since

ϕ1 |= ϕ2, it follows that we must also have ϕ2 ⊭ ⊥ and ⊤ ⊭ ϕ1. This means

that the conditions for Steps 1 and 2 of Π-Entail are not satisfied, so we will

proceed to Step 3. Now since ϕ1 |= ϕ2, it must be the case that ϕ1 entails every

conjunct of ϕ2. As the conjuncts of ϕ2 are all clausal formulae (since ϕ2 is in prime

implicate normal form), it follows from Theorem 3.2.8 that every conjunct in ϕ2 is

entailed by some prime implicate of ϕ1. But since ϕ1 is in prime implicate normal

form, every prime implicate of ϕ1 is equivalent to some conjunct of ϕ1. This means

that for every conjunct λ of ϕ2 there must be some conjunct θ of ϕ1 such that

θ |= λ. If ϕ1 is propositional, then so are all its conjuncts, so θ |= λ just in the case

that Prop(θ) ⊆ Prop(λ) (by Theorem 2.3.3). It follows that when the algorithm

considers the conjuncts λ and θ, it will set MatchFound = yes. If instead it is

ϕ2 which is propositional, then λ is also propositional, so every disjunct of θ must

be either a propositional literal which belongs to λ or a formula of the form ◇ψ

where ψ is unsatisfiable (otherwise we would not have θ |= λ). But since θ is in

prime implicate normal form it cannot have any unsatisfiable disjuncts, so θ must

be composed only of propositional literals which all appear in λ. This means that

the algorithm will mark MatchFound = yes when considering the pair of formulae

λ and θ. Thus, in either case, we have that for each conjunct λ of ϕ2, there is

some conjunct θ of ϕ1 for which we will mark MatchFound = yes, so Π-Entail

will return yes.

We have just shown that Π-Entail returns yes whenever the input formulae ϕ1

and ϕ2 are such that ϕ1 |= ϕ2 and min(δ(ϕ1), δ(ϕ2)) = 0. Now let us suppose that

the result holds whenever we have min(δ(ϕ1), δ(ϕ2)) ≤ k and then show that the

result still holds when the minimum depth is k + 1.

Let ϕ1 and ϕ2 be formulae in prime implicate normal form such that ϕ1 |= ϕ2

and min(δ(ϕ1), δ(ϕ2)) = k + 1. As ϕ1 and ϕ2 both have positive depth, it follows

that they can be neither unsatisfiable nor tautologous (since in that case they would

be equal to either ⊥ or ⊤, both of which have depth zero). That means that the

algorithm will proceed directly to Step 3. Let λ be some conjunct of ϕ2. Now since

ϕ1 |= ϕ2, we must have ϕ1 |= λ. As ϕ2 is in prime implicate normal form, λ must

be a clause, so Theorem 3.2.8 tells us that there is some prime implicate π of ϕ1

such that π |= λ. The formula ϕ1 is also in prime implicate normal form, so there

must be some conjunct θ of ϕ1 such that π ≡ θ and hence such that θ |= λ. As λ

and θ are both clauses, and λ is non-tautologous, by Theorem 2.3.3 we must have:

(a) Prop(θ) ⊆ Prop(λ)

(b) If Diami(θ) ≠ ∅, ⋁_{ψ ∈ Diami(θ)} ψ |= ⋁_{ζ ∈ Diami(λ)} ζ (or just ⋁_{ψ ∈ Diami(θ)} ψ |= ⊥ if Diami(λ) = ∅)

(c) If ψ ∈ Boxi(θ), then there is some ε ∈ Boxi(λ) such that ψ |= ε ∨ (⋁_{ζ ∈ Diami(λ)} ζ) (or ψ |= ε if Diami(λ) = ∅)

Statement (a) means that the first condition of the algorithm is satisfied for the

pair λ and θ. As for the second condition, let us suppose that θ has at least

one ◇ᵢ-disjunct. As ϕ1 is in prime implicate normal form, there must be exactly

one element in Diami(θ), and this element must be satisfiable (otherwise θ would

contain an unnecessary disjunct). Let ψ be this formula. Now because of (b)

and the fact ψ is satisfiable, Diami(λ) must be non-empty and ψ must entail

the disjunction of the elements in Diami(λ). But ϕ2 is also in prime implicate

normal form, so there must be a single element in Diami(λ), call it ψ′. We thus

have ψ |= ψ′. Because ϕ1 and ϕ2 are formulae in prime implicate normal form with

min(δ(ϕ1), δ(ϕ2)) = k+1, it follows that ψ and ψ′ are also in prime implicate normal

form and min(δ(ψ), δ(ψ′)) ≤ k. This means the induction hypothesis applies, so

Π-Entail(ψ,ψ′)=yes, and hence the second condition of the algorithm is satisfied

for the pair λ and θ. Finally, we remark that because of statement (c) above and

condition 3(c)iv of Definition 6.2.1 (which applies to λ and θ since we have assumed

ϕ1 and ϕ2 are in prime implicate normal form) it follows that for each disjunct

□ᵢψ of θ there is some disjunct □ᵢψ′ of λ such that ψ |= ψ′. Now ψ and ψ′ are

formulae in prime implicate normal form (by part 3(c)iii of Definition 6.2.1) such

that min(δ(ψ), δ(ψ′)) ≤ k and ψ |= ψ′, so according to the induction hypothesis,

it must be the case that Π-Entail(ψ,ψ′)=yes. This means that λ and θ satisfy

the third and final condition of the algorithm. We have thus shown that for every

conjunct λ of ϕ2 there is some conjunct θ of ϕ1 such that the three conditions

of Step 3 are satisfied. This means that the algorithm will return yes on input

(ϕ1, ϕ2).

Lemma 6.3.3.

If ϕ1 and ϕ2 are both in prime implicate normal form, then the algorithm Π-Entail

outputs no on input (ϕ1, ϕ2) if ϕ1 ⊭ ϕ2.

Proof. The proof is by induction on min(δ(ϕ1), δ(ϕ2)). We begin with the base

case where ϕ1 ⊭ ϕ2 and min(δ(ϕ1), δ(ϕ2)) = 0, i.e. where one or both of ϕ1 and

ϕ2 is propositional. If |= ϕ1 and ⊭ ϕ2, then ϕ1 = ⊤ and ϕ2 ≠ ⊤ (since ϕ1 and ϕ2

are assumed to be in prime implicate normal form), so the algorithm will return no

in the second step. Likewise, if ϕ2 |= ⊥ and ϕ1 ⊭ ⊥, then we must have ϕ1 ≠ ⊥

and ϕ2 = ⊥, so the algorithm returns no in Step 2. If neither of these cases holds,

then ϕ1 and ϕ2 must both be satisfiable and non-tautologous, and the algorithm

proceeds to Step 3. As ϕ1 ⊭ ϕ2, it must be the case that there is some conjunct λ

of ϕ2 such that θ ⊭ λ for every conjunct θ of ϕ1. If it is ϕ1 that is propositional,

then it follows from Theorem 2.3.3 that Prop(θ) ⊈ Prop(λ) for every conjunct

θ of ϕ1. If it is ϕ2 that is propositional, then for each conjunct θ of ϕ1 either

Prop(θ) ⊈ Prop(λ) or θ contains modal disjuncts. In either case, we find that each

conjunct θ of ϕ1 violates at least one of the conditions in Step 3. This means that

the algorithm does not set MatchFound = yes at any point when examining the

conjunct λ and hence returns no.

We have thus shown that Π-Entail returns no whenever ϕ1 and ϕ2 are formulae

in prime implicate normal form such that ϕ1 ⊭ ϕ2 and min(δ(ϕ1), δ(ϕ2)) = 0. We

will now suppose that the same statement holds whenever min(δ(ϕ1), δ(ϕ2)) ≤ k

and will show that the result remains true when the minimal depth is k + 1.

Let ϕ1 and ϕ2 be formulae in prime implicate normal form such that ϕ1 ⊭ ϕ2

and min(δ(ϕ1), δ(ϕ2)) = k+1. Since ϕ1 and ϕ2 are in prime implicate normal form

and have positive depth, ϕ1 and ϕ2 cannot be equal to ⊤ or ⊥, so the algorithm

proceeds directly to Step 3. As ϕ1 ⊭ ϕ2, there must be some conjunct λ of ϕ2 such

that θ ⊭ λ for every conjunct θ of ϕ1. According to Theorem 2.3.3, this means

that for every conjunct θ of ϕ1 we have one of the following:

(a) Prop(θ) ⊈ Prop(λ)

(b) For some 1 ≤ i ≤ n: Diami(θ) ≠ ∅ and either Diami(λ) = ∅ and ⋁_{ψ ∈ Diami(θ)} ψ ⊭ ⊥ or Diami(λ) ≠ ∅ and ⋁_{ψ ∈ Diami(θ)} ψ ⊭ ⋁_{ζ ∈ Diami(λ)} ζ

(c) For some 1 ≤ i ≤ n and ψ ∈ Boxi(θ), there is no ε ∈ Boxi(λ) such that ψ |= ε ∨ (⋁_{ζ ∈ Diami(λ)} ζ) (or ψ |= ε if Diami(λ) = ∅)

If (a) holds, then the first condition of Step 3 is violated. If (b) holds, then either

Diami(λ) = ∅ or ψ ⊭ ψ′, where ψ ∈ Diami(θ) and ψ′ ∈ Diami(λ) (remember

that since ϕ1 and ϕ2 are in prime implicate normal form, the clauses λ and θ

can have at most one ◇ᵢ-disjunct each). In the first case, the second condition

of Step 3 is violated since Diami(λ) is empty. In the second case, the condition

is also violated since ψ and ψ′ are formulae in prime implicate normal form such

that ψ ⊭ ψ′ and min(δ(ψ), δ(ψ′)) ≤ k, so according to the induction hypothesis

Π-Entail(ψ,ψ′)=no. Finally, if (c) holds, then for some disjunct □ᵢψ of θ and

every disjunct □ᵢψ′ of λ we have ψ ⊭ ψ′ ∨ ζ where ζ ∈ Diami(λ) (or simply

ψ ⊭ ψ′ if Diami(λ) is empty). But since λ is in prime implicate normal form, if

ζ ∈ Diami(λ) then ψ′ ≡ ψ′ ∨ ζ. So we get that ψ ⊭ ψ′, and hence by the induction

hypothesis (which applies since ψ and ψ′ are in prime implicate normal form and

min(δ(ψ), δ(ψ′)) = k) that Π-Entail(ψ,ψ′) returns no. We have thus shown that

for every conjunct θ of ϕ1 at least one of the three conditions of Step 3 will not be

satisfied for the pair λ and θ. This means that when the algorithm has finished its

examination of the conjunct λ, the variable MatchFound will still be set to no, so

Π-Entail will return no.

Lemma 6.3.4.

The algorithm Π-Entail terminates in linear time in |ϕ1| |ϕ2| (hence at most

quadratic time in |ϕ1| + |ϕ2|) when given formulae ϕ1 and ϕ2 as input.

Proof. The algorithm Π-Entail compares at most once each pair of symbols from

ϕ1 and ϕ2, and the comparison takes constant time, yielding an overall complexity

which is linear in |ϕ1| |ϕ2|.

Theorem 6.3.5.

Entailment of formulae in prime implicate normal form can be decided in quadratic

time in the size of the input.

Proof. Direct consequence of Lemmas 6.3.2, 6.3.3, and 6.3.4.

Corollary 6.3.6.

Equivalence of formulae in prime implicate normal form can be decided in quadratic

time in the size of the input.

If we examine the proofs of Lemmas 6.3.2 and 6.3.3, we remark that only some

of the properties of prime implicate normal form are used for the first formula

and others for the second formula. It is thus interesting to investigate exactly

what properties are needed to ensure the correctness of our structural comparison

algorithm. In particular, it would be nice to loosen the conditions on the second

formula, as this would allow us to more easily pose entailment queries to formulae

compiled into prime implicate normal form. In the following theorem, we make

explicit the conditions that must be placed on the two input formulae in order to

ensure the successful functioning of Π-Entail. For the statement of the theorem,

we require the following definition:

Definition 6.3.7.

A formula ϕ is said to be in extended conjunctive normal form if and only if ϕ is

a conjunction of clauses λi, and for every ψ such that ◇ₖψ or □ₖψ is a disjunct of

some λi, ψ is in extended conjunctive normal form.

Example 6.3.8.

The formula (a ∨ b) ∧ ◇₂(a ∧ (¬b ∨ □₁c)) is in extended conjunctive normal form,

but a ∧ ◇₂((a ∧ b) ∨ c) is not since (a ∧ b) ∨ c is not a conjunction of clauses.

Theorem 6.3.9.

Let ϕ1 be a formula from Kn in extended conjunctive normal form such that:

• every prime implicate of ϕ1 is equivalent to some conjunct of ϕ1

• every formula ψ such that ◇ₖψ or □ₖψ is a subformula of ϕ1 is such that every prime implicate of ψ is equivalent to some conjunct of ψ

• if ψ is an unsatisfiable subformula of ϕ1, then ψ = ⊥

• no satisfiable subclause of ϕ1 contains an unsatisfiable disjunct³

Let ϕ2 be a formula from Kn in extended conjunctive normal form such that:

• every clausal subformula λ of ϕ2 is such that

  – |Diamk(λ)| ≤ 1 for all 1 ≤ k ≤ n

  – if γ ∈ Diamk(λ) and ζ ∈ Boxk(λ) for some 1 ≤ k ≤ n, then γ |= ζ

• if ψ is a tautologous subformula of ϕ2, then ψ = ⊤

• no non-tautologous conjunction appearing in ϕ2 contains a tautologous conjunct⁴

Then the algorithm Π-Entail outputs yes on input (ϕ1, ϕ2) if and only if ϕ1 |= ϕ2.

3. Any formula ϕ1 which satisfies the third bullet can be easily transformed into an equivalent formula satisfying the fourth bullet: we simply remove any disjuncts ⊥ from the clauses appearing in ϕ1. Alternatively, we can modify the algorithm Π-Entail to allow for the case where disjuncts in the first formula may be ⊥.

4. If the previous bullet is satisfied by ϕ2, then we can simply remove any conjuncts ⊤ from the conjunctions in ϕ2. Or we could slightly modify Π-Entail so as to allow the second formula to have conjuncts of the form ⊤.

Proof. Lemmas 6.3.2 and 6.3.3 are straightforwardly modified to handle input formulae

of the types described in the statement of the theorem in place of formulae

in prime implicate normal form.

Note 6.3.10.

In what follows, we will need to make reference several times to the conditions on ϕ1

and ϕ2 outlined in Theorem 6.3.9. For this reason, and to simplify the presentation,

we will call the conditions placed on ϕ1 the conditions on left-hand-side formulae,

and the conditions on ϕ2 the conditions on right-hand-side formulae.

Theorem 6.3.9 is important since it allows us to use our structural comparison

algorithm on a wider class of queries. The following three results illustrate some

specific types of queries that are made possible by this theorem.

Theorem 6.3.11.

Let ϕ1 be a formula in prime implicate normal form, and let ϕ2 be a term with

respect to definition D1. Then it can be decided in quadratic time in |ϕ1| + |ϕ2|

whether ϕ1 |= ϕ2.

Proof. Let ϕ1 and ϕ2 be as stated, and consider the following procedure:

Step 1 If □ₖψ is a subformula of ϕ2 such that ψ is built up solely from ⊤, ∧,

and universal modalities □ᵢ (1 ≤ i ≤ k), then replace all occurrences of □ₖψ

by ⊤ in ϕ2. Repeat Step 1 until no such subformulae remain.

Step 2 If ψ is a subterm of ϕ2 with only conjuncts ⊤, replace ψ with ⊤. Otherwise,

if ψ is a subterm of ϕ2 having some (but not all) conjuncts equal to ⊤, then

remove all conjuncts ⊤ from ψ. Repeat Step 2 until no such subterms remain.

We note that any formula constructed solely out of ⊤, conjunction, and the

universal modal operators must be a tautology. This means that the modifications

in the above procedure are equivalence-preserving, so the formula we obtain, call it

ϕ′2, is equivalent to ϕ2. It follows then that ϕ1 |= ϕ2 if and only if ϕ1 |= ϕ′2.

We claim that ϕ′2 satisfies the requirements of right-hand-side formulae. It is

easy to see that ϕ′2 is in extended conjunctive normal form. It is also easy to see

that it satisfies the next two bullets of Theorem 6.3.9, since it does not contain any

disjunctions, making it impossible to have more than one ◇ₖ-disjunct, or pair of

disjuncts ◇ₖψ and □ₖγ, in a clausal subformula. Finally, because of the modifications

we have made, there can be no tautologous subformula in ϕ′2 which is not

equal to ⊤ nor any subformula which is a non-tautologous conjunction having a

conjunct ⊤.

All of the conditions outlined in Theorem 6.3.9 for right-hand-side formulae are

satisfied by ϕ′2, and ϕ1 clearly satisfies the requirements on left-hand side formulae,

being a formula in prime implicate normal form. It follows that we can use Π-Entail

to decide whether ϕ1 |= ϕ′2.

Then to complete the proof, we just need to show that the above procedure for

transforming ϕ2 into ϕ′2 runs in quadratic time in |ϕ2|. This is quite easy to see:

the first step can be repeated at most |ϕ2| times since we remove a □-formula

at each iteration (and never add any □-formulae), and there cannot be more than

|ϕ2| □-formulae in ϕ2. Moreover, each iteration takes only linear time in |ϕ2| since

we simply scan the symbols in one of the subformulae of ϕ2, and the modifications

made to ϕ2 in Step 1 never increase its length. Step 2 can also be carried out in

linear time, since it involves a single pass through ϕ2, and the modified ϕ2 is

no longer than the original formula. Thus, the modification of ϕ2 into

ϕ′2 takes only quadratic time in |ϕ2|. As |ϕ′2| ≤ |ϕ2|, and it is possible to decide

ϕ1 |= ϕ′2 in time quadratic in |ϕ1|+ |ϕ′2| using Π-Entail (Lemma 6.3.4), we obtain

a method for deciding ϕ1 |= ϕ2 in time quadratic in |ϕ1| + |ϕ2|.

Example 6.3.12.

Let ϕ be the formula in prime implicate normal form from Example 6.2.5:

(a ∨ □₂□₁d)

∧ (¬a ∨ ◇₂(a ∧ b))

∧ (□₂((□₁d ∨ a) ∧ (□₁d ∨ b)) ∨ ◇₂(a ∧ b))

∧ □₁((a ∨ ◇₂⊤) ∧ (□₂⊥ ∨ c) ∧ (a ∨ c))

∧ ◇₁(a ∧ ¬c ∧ □₂⊥)

and let τ be the following D1-term

◇₁(a ∧ □₂(b ∧ c)) ∧ □₃(⊤ ∧ □₁⊤)

We want to test whether ϕ |= τ. To do this, we first simplify τ using the procedure

given in the proof of Theorem 6.3.11. This involves replacing the tautologous

subformula □₃(⊤ ∧ □₁⊤) with ⊤, and then removing ⊤ from the conjunction.

We obtain the equivalent D1-term τ′:

◇₁(a ∧ □₂(b ∧ c))

We can now use Π-Entail to decide whether ϕ |= τ′, and hence whether ϕ |= τ.

As neither ϕ nor τ′ is equal to ⊤ or ⊥, we proceed directly to Step 3, in which we

compare the sole conjunct of τ′ to each of the conjuncts of ϕ in order to find

some conjunct which satisfies the three requirements. The first two conjuncts of ϕ

do not satisfy requirement (a) since they possess propositional disjuncts which do

not appear in τ′. The third conjunct falsifies requirements (b) and (c) as its □₂-

and ◇₂-disjuncts do not match up to the unique disjunct in τ′. The fourth conjunct

of ϕ does not satisfy the requirements either, as it possesses a □-disjunct, and τ′

does not. Finally, the fifth conjunct of ϕ trivially satisfies requirements (a) and

(c) since it does not have any propositional or □-disjuncts. In order to show that

this conjunct also satisfies requirement (b), we need to call Π-Entail on the pair of

formulae a ∧ ¬c ∧ □₂⊥ and a ∧ □₂(b ∧ c). The algorithm will return yes on this

input, since the conjunct a in the second formula matches up with the conjunct a in

the first formula, and the conjunct □₂(b ∧ c) of the second formula matches with

the conjunct □₂⊥ (since Π-Entail always returns yes when the first formula is ⊥).

Thus, while examining the fifth conjunct of ϕ, we will set MatchFound = yes, and

hence Π-Entail will return yes at the end of Step 3.

Theorem 6.3.13.

Let ϕ1 be a formula in prime implicate normal form, and let ϕ2 be a formula in

extended conjunctive normal form such that for every clausal subformula λ of ϕ2

and every 1 ≤ k ≤ n either |Diamₖ(λ)| = 0 or |Diamₖ(λ)| = 1 and |Boxₖ(λ)| = 0.

Then it can be decided in quadratic time in |ϕ1| + |ϕ2| whether ϕ1 |= ϕ2.

Proof. Let ϕ1 and ϕ2 be as described. In order to be able to apply Theorem 6.3.9,

we need to show how to transform ϕ2 into an equivalent formula satisfying all of the

requirements for right-hand-side formulae. Let us consider the following recursive

procedure RemoveTaut which takes as input a formula ψ = λ1∧...∧λl in extended

conjunctive normal form:

Step 1 For each λi: Replace each disjunct □ₖγ (resp. ◇ₖγ) by □ₖRemoveTaut(γ) (resp. ◇ₖRemoveTaut(γ)). Afterwards, check whether λi contains complementary propositional disjuncts or some disjunct of the form □ₖ⊤, and replace λi by ⊤ if this is the case.

Step 2 If all conjuncts of ψ are ⊤, replace ψ by ⊤, else remove all conjuncts ⊤

from ψ.

Step 3 Return the modified formula ψ.

It is easy to see that this procedure outputs a formula which is equivalent to the

input formula, as each of the modifications is equivalence-preserving. We claim

furthermore that if the input is a formula in extended conjunctive normal form such

that for every clausal subformula λ and every 1 ≤ k ≤ n either |Diamₖ(λ)| = 0 or |Diamₖ(λ)| = 1 and |Boxₖ(λ)| = 0, then the output formula satisfies all conditions


of the right-hand side formula. The proof is by induction on the depth of the input

formula. The base case is when δ(ψ) = 0. In this case, in Step 1, we replace all

tautologous clauses by ⊤, and in Step 2, we remove extra ⊤ conjuncts from ψ. The

output formula is thus either ⊤ or a conjunction of non-tautologous propositional

clauses, so all conditions of right-hand-side formulae are satisfied.

Let us next assume that our statement holds whenever the input formula has

depth at most m. Let ψ be a formula in extended conjunctive normal form of

depth m + 1 such that for every clausal subformula λ and every 1 ≤ k ≤ n either |Diamₖ(λ)| = 0 or |Diamₖ(λ)| = 1 and |Boxₖ(λ)| = 0, and let ψ′ be the output of the above procedure on input ψ. As we never add □- or ◇-formulae during the procedure, we can be sure that ψ′ is also such that for every clausal subformula λ and every 1 ≤ k ≤ n either |Diamₖ(λ)| = 0 or |Diamₖ(λ)| = 1 and |Boxₖ(λ)| = 0.

It remains to be shown that every tautologous subformula of ψ′ is equal to ⊤.

Suppose that this is not the case. Then there must be some subformula ζ such

that |= ζ but ζ ≠ ⊤. Suppose first that ζ appears in the scope of one or more modal operators. Then that means that there is some disjunct ◇ₖγ or □ₖγ of one of the clausal conjuncts of ψ′, such that ζ is a subformula of γ. We know from the definition of RemoveTaut that there must be some subformula σ of ψ such that γ = RemoveTaut(σ). As σ appears in ψ behind a modal operator, it must be a formula in extended conjunctive normal form of depth at most m such that every clausal subformula λ of σ is such that either |Diamₖ(λ)| = 0 or |Diamₖ(λ)| = 1 and |Boxₖ(λ)| = 0 for 1 ≤ k ≤ n. This means that the formula γ = RemoveTaut(σ) satisfies all conditions of Theorem 6.3.9. In particular, γ cannot contain ζ as a subformula. It follows then that ζ must be a subformula of ψ′ which appears outside the modal operators. If ζ is a literal, then it must be of the form □ₖµ, since a propositional literal or ◇-formula cannot be a tautology. Since □ₖµ is a tautology, we must have µ ≡ ⊤. But we have just shown that all tautologous subformulae appearing behind the modal operators in ψ′ are equal to ⊤, so µ = ⊤. But this is a contradiction, since we would have replaced the clause containing □ₖ⊤ with ⊤ in Step 1 (and then removed the clause in Step 2). Suppose next that ζ is a clausal conjunct of ψ′. Then by Theorem 2.3.1 it must contain either a pair of complementary propositional literals or a tautologous □-disjunct. In the latter case, we know from preceding discussion that the tautologous □-disjunct would have been turned into a formula of form □ₖ⊤ in Step 1. In either case, we would have replaced the conjunct ζ by ⊤ in Step 1 and deleted it in Step 2,

contradicting the fact that ζ is a conjunct of ψ′. The only remaining possibility is

that ζ is a conjunction of clausal conjuncts of ψ′, but this too we can rule out since

we have just shown that any tautologous clausal conjunct of ψ′ is equal to ⊤, and


we either delete all such conjuncts in Step 2, or replace them by a single conjunct

⊤. We have thus shown that all of the tautologous subformulae of ψ′ are equal to

⊤. This means in particular that there can be no conjunctions in ψ′ which have

tautologous conjuncts but are not themselves tautologies, since they would have a

conjunct ⊤, and we have removed in Step 2 all ⊤ conjuncts from ψ.

We have just shown how to transform the formula ϕ2 into an equivalent formula

ϕ′2 which satisfies all of the requirements of right-hand-side formulae of Theorem

6.3.9. This means that we can test whether ϕ1 |= ϕ2 by using Π-Entail to decide

whether ϕ1 |= ϕ′2. According to Lemma 6.3.4, the algorithm Π-Entail will take

at most quadratic time in |ϕ1| + |ϕ2| since |ϕ′2| ≤ |ϕ2| (all of the modifications

in the above procedure decrease the size of the input formula). Moreover, the

transformation of ϕ2 into an equivalent formula ϕ′2 clearly takes at most quadratic

time in |ϕ2|, which means that it can be decided in time quadratic in |ϕ1| + |ϕ2|

whether ϕ1 |= ϕ2.

Example 6.3.14.

Let ϕ be defined as in Example 6.2.5:

( a ∨ □₂□₁d )

∧ ( ¬a ∨ ◇₂( a ∧ b ) )

∧ ( □₂( ( □₁d ∨ a ) ∧ ( □₁d ∨ b ) ) ∨ ◇₂( a ∧ b ) )

∧ □₁( ( a ∨ ◇₂⊤ ) ∧ ( □₂⊥ ∨ c ) ∧ ( a ∨ c ) )

∧ ◇₁( a ∧ ¬c ∧ □₂⊥ )

and let ψ be the formula

( b ∨ c ∨ ◇₁□₂◇₁¬a ) ∧ ( a ∨ □₂( ¬a ∨ □₁( d ∨ ¬d ) ) )

We know from Example 6.2.5 that ϕ is in prime implicate normal form, and it

can be verified that ψ is a formula in extended conjunctive normal form satisfying

the conditions of Theorem 6.3.13. Applying the transformation from the proof of

Theorem 6.3.13 to ψ yields the equivalent formula

b ∨ c ∨ ◇₁□₂◇₁¬a

since RemoveTaut(d ∨ ¬d) = ⊤, and hence RemoveTaut(¬a ∨ □₁( d ∨ ¬d )) = ⊤.

Now that we have put ψ in the proper form, we can use Π-Entail to test whether

ϕ |= ψ. As transformed ψ is comprised of a single clause, we just need to check

whether one of the clausal conjuncts of ϕ satisfies the three conditions with regards

to ψ. The first two conjuncts fail condition (a) since their propositional disjuncts


do not belong to {b, c}. The third and fourth conjuncts of ϕ fail condition (c) since ψ does not have any □-formulae as disjuncts. The fifth conjunct satisfies conditions (a) and (c) by default since it does not have any propositional or □-disjuncts. To determine whether this conjunct also satisfies condition (b), we need to call Π-Entail on the pair of formulae (a ∧ ¬c ∧ □₂⊥, □₂◇₁a). This call will succeed since Π-Entail(⊥, ◇₁a) = yes. It follows that MatchFound will be set to yes upon

examination of the fifth conjunct, and so Π-Entail will return yes, as desired.
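RemoveTaut and the syntactic side condition of Theorem 6.3.13, run on ψ from Example 6.3.14, as an added Python sketch that is not part of the thesis. The list encoding of formulae (with the empty list standing for ⊤) and all function names are assumptions of this sketch.

```python
# Added illustration, not code from the thesis.
# Encoding assumed here:
#   formula  = list of clauses (a conjunction); [] stands for ⊤
#   clause   = list of disjuncts
#   disjunct = "a" / "¬a"  |  ("□", k, formula)  |  ("◇", k, formula)

TOP = []


def box(k, f):
    return ("□", k, f)


def dia(k, f):
    return ("◇", k, f)


def has_complementary(clause):
    """True if the clause contains both p and ¬p for some variable p."""
    lits = {d for d in clause if isinstance(d, str)}
    return any("¬" + l in lits for l in lits)


def remove_taut(psi):
    """RemoveTaut: replace every tautologous subformula by ⊤ and drop ⊤ conjuncts."""
    kept = []
    for clause in psi:
        # Step 1: first recurse behind every modal operator ...
        new = [d if isinstance(d, str) else (d[0], d[1], remove_taut(d[2]))
               for d in clause]
        # ... then look for complementary literals or a disjunct □k⊤.
        box_top = any(not isinstance(d, str) and d[0] == "□" and d[2] == TOP
                      for d in new)
        # Step 2: tautologous clauses are dropped; if none remain we return [] = ⊤.
        if not (has_complementary(new) or box_top):
            kept.append(new)
    return kept


def meets_side_condition(psi):
    """Side condition of Theorem 6.3.13, checked on every clausal subformula:
    for each index k, either no ◇k-disjunct, or exactly one and no □k-disjunct.
    Disjuncts are counted syntactically (duplicates are not merged)."""
    for clause in psi:
        modal = [d for d in clause if not isinstance(d, str)]
        for k in {d[1] for d in modal}:
            n_dia = sum(d[:2] == ("◇", k) for d in modal)
            n_box = sum(d[:2] == ("□", k) for d in modal)
            if n_dia > 1 or (n_dia == 1 and n_box > 0):
                return False
        if not all(meets_side_condition(d[2]) for d in modal):
            return False
    return True


# ψ from Example 6.3.14:
#   ( b ∨ c ∨ ◇₁□₂◇₁¬a ) ∧ ( a ∨ □₂( ¬a ∨ □₁( d ∨ ¬d ) ) )
PSI = [
    ["b", "c", dia(1, [[box(2, [[dia(1, [["¬a"]])]])]])],
    ["a", box(2, [["¬a", box(1, [["d", "¬d"]])]])],
]

if __name__ == "__main__":
    print(meets_side_condition(PSI))  # side condition of the theorem
    print(remove_taut(PSI))           # only the first clause survives
```

The second clause disappears in three stages: d ∨ ¬d collapses to ⊤, which turns the inner clause into one containing □₁⊤, which in turn makes the outer clause contain □₂⊤.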

Theorem 6.3.15.

Let ϕ1 be a formula in prime implicate normal form, and let ϕ2 be a formula in

extended conjunctive normal form of depth 1 such that for every subformula ◇ₖψ or □ₖψ, the formula ψ is a clause. Then it can be decided in polynomial time in

|ϕ1| + |ϕ2| whether ϕ1 |= ϕ2.

Proof. Let ϕ1 and ϕ2 be as described. Consider the following procedure:

Step 1 Apply the following modifications to ϕ2:

(a) For each conjunct λ and index k: if Diamₖ(λ) = {ψ1, ..., ψm} where m > 1, replace λ by λ \ {◇ₖψ1, ..., ◇ₖψm} ∪ {◇ₖ⊤} if ψ1 ∨ ... ∨ ψm is a tautologous propositional clause and by λ \ {◇ₖψ1, ..., ◇ₖψm} ∪ {◇ₖ(ψ1 ∨ ... ∨ ψm)} otherwise.

(b) For each conjunct λ and index k: if Diamₖ(λ) = {ψ} and Boxₖ(λ) = {γ1, ..., γp}, replace λ by λ \ {□ₖγ1, ..., □ₖγp} ∪ {□ₖ(γ1 ∨ ψ), ..., □ₖ(γp ∨ ψ)}.

(c) If Prop(λ) contains two complementary atomic literal formulae, or if there is some disjunct □ₖζ where ζ is a tautologous propositional clause, remove λ from ϕ2.

Step 2 If all conjuncts of ϕ2 have been removed, return ⊤. Otherwise, return the

modified ϕ2.

We claim that the formula returned by this procedure, call it ϕ′2, is equivalent

to the original formula ϕ2, which means that we can test ϕ1 |= ϕ2 by testing

ϕ1 |= ϕ′2. We claim furthermore that ϕ′2 satisfies all of the conditions of right-hand-

side formulae outlined in Theorem 6.3.9, which means that according to Theorem

6.3.9 and Lemma 6.3.4, it is possible to test whether ϕ1 |= ϕ′2 in quadratic time in

|ϕ1|+|ϕ′2|. This is sufficient to show the result since clearly the above transformation

operates in polynomial time (hence space) in the length of the input formula ϕ2.

Showing that ϕ′2 is equivalent to ϕ2 is straightforward. All of the transformations in Step 1 are equivalence-preserving: part (a) is equivalence-preserving

because of item 5 of Theorem 2.3.1; part (b) is equivalence-preserving because of

item 9 of Theorem 2.3.1; part (c) is equivalence-preserving since any clause with


complementary propositional literals or with a tautologous □-disjunct must be tautologous. Finally, Step 2 is equivalence-preserving since if all conjuncts of ϕ2 were

removed in Step 1, then all of ϕ2’s conjuncts are tautologies, so ϕ2 ≡ ⊤.

We now show that the formula ϕ′2 satisfies the requirements of right-hand-side

formulae. We first note that ϕ′2 is in extended conjunctive normal form, being a

conjunction of clauses such that the formulae behind the modalities are all propositional clauses. We then note that because of Step 1(a) of the above transformation, there can be at most one ◇ₖ-disjunct in each clause appearing in ϕ′2. Also, because of Step 1(b), we know that if λ is a clausal subformula of ϕ′2 and γ ∈ Diamₖ(λ) and ζ ∈ Boxₖ(λ) for some 1 ≤ k ≤ n, then γ |= ζ. Because of Step 1(a) and 1(c), we know that the only possible tautologous subformulae of ϕ′2 are ϕ′2 itself or some formula appearing behind a ◇ₖ modality. In either case, the tautologous

subformula must be equal to ⊤.

Example 6.3.16.

Let ϕ be defined as in Example 6.2.5:

( a ∨ □₂□₁d )

∧ ( ¬a ∨ ◇₂( a ∧ b ) )

∧ ( □₂( ( □₁d ∨ a ) ∧ ( □₁d ∨ b ) ) ∨ ◇₂( a ∧ b ) )

∧ □₁( ( a ∨ ◇₂⊤ ) ∧ ( □₂⊥ ∨ c ) ∧ ( a ∨ c ) )

∧ ◇₁( a ∧ ¬c ∧ □₂⊥ )

and let ψ be the formula

( ¬c ∨ ◇₂b ∨ □₂¬b ) ∧ ( ¬a ∨ ¬b ∨ ◇₂a ∨ ◇₂b )

We know from Example 6.2.5 that ϕ is in prime implicate normal form, and it can

be verified that ψ is a formula in extended conjunctive normal form satisfying the

conditions of Theorem 6.3.15. Let us begin then by applying the transformation in

the proof of Theorem 6.3.15 to ψ. In Step 1(a) of the transformation, we replace the disjuncts ◇₂a and ◇₂b in the second conjunct by a single disjunct ◇₂( a ∨ b ). Then in Step 1(b) we replace the disjunct □₂¬b in the first conjunct by □₂( ¬b ∨ b ). This means that in Step 1(c), we will remove the first conjunct from ψ. Thus, at the end of the transformation, we have ψ = ¬a ∨ ¬b ∨ ◇₂( a ∨ b ). We can

then call Π-Entail to decide whether ϕ |= ψ. The algorithm will output yes since

the second conjunct of ϕ satisfies all three conditions with respect to the unique

conjunct of ψ.
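The transformation from the proof of Theorem 6.3.15, applied to ψ from Example 6.3.16, as an added Python sketch that is not part of the thesis. The list encoding (modal arguments are one-clause formulae, the empty list is ⊤), the function names, and the order in which disjuncts are emitted are assumptions of this sketch.

```python
# Added illustration, not code from the thesis.
# Encoding assumed here (depth-1 extended CNF):
#   formula  = list of clauses; [] stands for ⊤
#   clause   = list of disjuncts
#   disjunct = "a" / "¬a"  |  ("□", k, arg)  |  ("◇", k, arg)
#   arg      = [propositional clause]  (a one-clause formula)  or  [] for ⊤

TOP = []


def is_taut(lits):
    """A propositional clause is tautologous iff it contains p and ¬p."""
    s = set(lits)
    return any("¬" + l in s for l in s)


def join(c1, c2):
    """Disjunction of two propositional clauses without repeating literals."""
    return c1 + [l for l in c2 if l not in c1]


def normalise_rhs_depth1(phi2):
    kept = []
    for clause in phi2:
        props = [d for d in clause if isinstance(d, str)]
        new_clause = list(props)
        drop = is_taut(props)                      # Step 1(c), first case
        for k in sorted({d[1] for d in clause if not isinstance(d, str)}):
            dias = [d[2] for d in clause
                    if not isinstance(d, str) and d[:2] == ("◇", k)]
            boxes = [d[2] for d in clause
                     if not isinstance(d, str) and d[:2] == ("□", k)]
            if len(dias) > 1:                      # Step 1(a): merge ◇k-disjuncts
                merged = []
                for arg in dias:
                    merged = join(merged, arg[0])
                dias = [TOP if is_taut(merged) else [merged]]
            if dias:                               # Step 1(b): □kγ becomes □k(γ ∨ ψ)
                psi = dias[0]
                boxes = [TOP if TOP in (g, psi) else [join(g[0], psi[0])]
                         for g in boxes]
            if any(g == TOP or is_taut(g[0]) for g in boxes):
                drop = True                        # Step 1(c), second case
            new_clause += [("□", k, g) for g in boxes]
            new_clause += [("◇", k, a) for a in dias]
        if not drop:
            kept.append(new_clause)
    return kept                                    # Step 2: [] is ⊤


# ψ from Example 6.3.16:
#   ( ¬c ∨ ◇₂b ∨ □₂¬b ) ∧ ( ¬a ∨ ¬b ∨ ◇₂a ∨ ◇₂b )
PSI = [
    ["¬c", ("◇", 2, [["b"]]), ("□", 2, [["¬b"]])],
    ["¬a", "¬b", ("◇", 2, [["a"]]), ("◇", 2, [["b"]])],
]

if __name__ == "__main__":
    print(normalise_rhs_depth1(PSI))   # ¬a ∨ ¬b ∨ ◇₂(a ∨ b)
```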


Remark 6.3.17.

We cannot extend the previous result to the entire class of Kn formulae in NNF

which are conjunctions of D1-clauses. This is because, as we saw earlier in the proof

of Lemma 3.1.4, deciding whether a D1-term is unsatisfiable is an NP-complete

task, which means that the dual problem of deciding whether a D1-clause is a

tautology must also be NP-complete. Similarly, we can show that deciding whether

a D2-clause is a tautology is also NP-complete. This means that there cannot exist

any compilation method for Kn formulae that allows one to tractably answer all

D2-clause entailment queries.

In the previous theorems, we exhibited some specific tractable classes of queries

for formulae in prime implicate normal form. We now consider the problem of

posing arbitrary entailment queries to formulae in prime implicate normal form.

We recall that in the case of propositional logic, one can test whether an arbitrary

formula is entailed by a formula in prime implicate normal form by first putting

the formula in conjunctive normal form and then using structural comparison to

decide entailment. The transformation to conjunctive normal form involves a single-

exponential blowup in formula size in the worst-case. We show an analogous result

for Kn, namely that every formula in Kn can be transformed into an equivalent

formula which satisfies the conditions for right-hand-side formulae and which is

no more than single-exponentially larger. This means that we can test whether

an arbitrary formula ψ is a logical consequence of a formula ϕ in prime implicate

normal form by first making ψ satisfy the right-hand-side conditions and then

running the algorithm Π-Entail.

Theorem 6.3.18.

There exists a polynomial function f such that for every formula ϕ there exists an

equivalent formula ϕ′ which satisfies all the conditions for right-hand-side formulae

and is such that |ϕ′| ≤ 2^{f(|ϕ|)}.

Proof. We assume without loss of generality that formulae are in NNF. Define

rhs(ϕ) as the length of the shortest formula which is equivalent to ϕ and satisfies

all of the conditions on right-hand-side formulae. We will let max-rhsₗ(k) denote the maximum value of rhs for formulae having depth at most k and at most l distinct literal subformulae.

We would like to place some upper bounds on the value of max-rhsₗ(k). We

remark that if ϕ is tautologous or a contradiction, then rhs(ϕ) = 1, since ⊤ and

⊥ satisfy all right-hand-side conditions. Thus, we can restrict our attention to

formulae which are satisfiable and non-tautologous. We begin by considering the

case of propositional formulae. We remark that there are only single-exponentially


many non-equivalent propositional clauses on m variables, which means that we can

find some polynomial function q such that every propositional formula built using at

most m propositional variables is equivalent to some formula in conjunctive normal

form with length at most 2^{q(m)}. We can assume without loss of generality that the

CNF formula has no tautologous conjuncts, and hence satisfies all right-hand-side

conditions. As the number of propositional variables appearing in a formula can

never exceed the number of distinct literal subformulae appearing in the formula, it

follows that there exists some polynomial function p such that max-rhsₗ(0) ≤ 2^{p(l)}.

Now that we have obtained an upper bound on max-rhsₗ(0), we try to obtain an upper bound on max-rhsₗ(k + 1) in terms of max-rhsₗ(k). Consider some formula

ϕ with depth k + 1 and having at most l distinct literal subformulae. We first use

the function Cnf to rewrite ϕ as an equivalent conjunction of clauses λ1 ∧ ...∧λm.

We can assume without loss of generality that the conjuncts λ1, ..., λm are all

non-tautologous and mutually non-equivalent and that they contain no redundant

disjuncts (otherwise we can simply remove all unnecessary conjuncts and disjuncts,

resulting in an even shorter formula). We will now transform each λi to make it

satisfy the conditions of right-hand-side formulae. First, if there are multiple ◇ⱼ-disjuncts, we group them into a single ◇ⱼ disjunct. Specifically, for each 1 ≤ j ≤ n such that ◇ⱼ(λi) ≥ 2, if ◇ⱼ(λi) = {ψ1, ..., ψr}, then we replace the disjuncts ◇ⱼψ1, ..., ◇ⱼψr by the single disjunct ◇ⱼ(ψ1 ∨ ... ∨ ψr). Secondly, for each disjunct of the form □ⱼχ such that ◇ⱼ(λi) = {ψ} (because of the previous step, we know there to be at most one element in ◇ⱼ(λi)), we replace □ⱼχ by □ⱼ(χ ∨ ψ). We remark that these two modifications are equivalence-preserving, so each modified λi is equivalent to the original clause λi. Notice also that if ζ is such that □ⱼζ or ◇ⱼζ is a disjunct of the modified λi, then ζ must have depth at most δ(ϕ) − 1 and must have at most l distinct literal subformulae. The latter holds since the literal subformulae appearing in the output of Cnf on ϕ are all literal subformulae of ϕ, and the set of literal subformulae appearing in a disjunction of formulae is equal to the union of the literal subformulae of the disjuncts. We can thus apply the induction hypothesis to all formulae ζ such that □ⱼζ or ◇ⱼζ is a disjunct of the modified λi. Specifically, we find that for each such ζ, there is a formula ζ′ which is equivalent to ζ, has length at most max-rhsₗ(k), and satisfies all conditions of right-hand-side formulae. Let us then substitute for each formula ζ the formula ζ′. We remark that the clause resulting from applying the preceding modifications to λi, call it λ′i,

is a clause which is equivalent to λi and satisfies all right-hand-side conditions. It

follows then that the conjunction ϕ′ = λ′1 ∧ ... ∧ λ′m is a formula equivalent to ϕ

which satisfies all right-hand-side conditions.

We now consider the length of ϕ′. We first remark that there can be at most 2^l


conjuncts in ϕ′ since Cnf outputs at most 2^l mutually non-equivalent clauses when

the input formula in NNF has at most l mutually non-equivalent literal subformulae

(by Theorem 2.4.11). Moreover, we also know from Theorem 2.4.11 that the clauses

output by Cnf all have at most l mutually non-equivalent disjuncts, so each λi has

no more than l disjuncts. As the modifications to the λi never increase their number

of disjuncts, it follows that each modified clause λ′i has at most l disjuncts. Finally,

we know that each disjunct has length at most max-rhsₗ(k) + 1, since it is either a propositional disjunct, or of the form □ⱼζ′ or ◇ⱼζ′, in which case we already showed above that |ζ′| ≤ max-rhsₗ(k). Thus, each conjunct λ′i can have length at most l ∗ (max-rhsₗ(k) + 1 + 1) (the extra one is for the disjunction symbols between the disjuncts). This means that ϕ′ has length at most 2^l ∗ (l ∗ (max-rhsₗ(k) + 2) + 1) (the extra one is for conjunction symbols between the conjuncts). We thus have

max-rhsₗ(k + 1) ≤ 2^l ∗ (l ∗ (max-rhsₗ(k) + 2) + 1)

From this we can derive that

max-rhsₗ(k) ∈ O((2^l ∗ l)^k ∗ 2^{p(l)})

As both the depth of ϕ and the number of mutually non-equivalent literal subformulae in ϕ are bounded above by |ϕ|, we find that

rhs(ϕ) ∈ O((2^{|ϕ|} ∗ |ϕ|)^k ∗ 2^{p(|ϕ|)})

We have thus shown that every formula is equivalent to a formula at most single-

exponentially larger which satisfies all right-hand-side conditions.

6.3.2 Tractable uniform interpolation

As we saw in Chapter 2, the L-interpolant of a formula corresponds to the finest

approximation of the formula over a given signature. We show in this subsection

that it is easy to generate L-interpolants of formulae in prime implicate normal

form.

We introduce an algorithm Π-LangInt for computing an L-interpolant of a

given formula in prime implicate normal form. The basic idea is to remove all sub-clauses which have either a propositional disjunct (¬)a with a ∉ L or a disjunct of the form □ᵢψ or ◇ᵢψ where i ∉ L.

To illustrate the functioning of Π-LangInt, we detail its execution on the for-

mula ϕ from Example 6.2.5:


Algorithm 6.2 Π-LangInt

Input: a formula ϕ in prime implicate normal form

Output: an L-interpolant of ϕ

(1) Set Π = ∅.

(2) For each conjunct λ of ϕ

If a ∈ L for every disjunct (¬)a of λ and i ∈ L for every disjunct □ᵢψ or ◇ᵢψ of λ, then

(a) Let λ′ be the formula obtained from λ by replacing each disjunct □ᵢψ by □ᵢΠ-LangInt(ψ,L) and each disjunct ◇ᵢψ by ◇ᵢΠ-LangInt(ψ,L)

(b) If there is no disjunct of λ′ of the form □ᵢ⊤, then add λ′ to Π

(3) Return the conjunction of the formulae in Π if Π ≠ ∅, otherwise return ⊤.

Example 6.3.19.

Let ϕ be defined as in Example 6.2.5:

( a ∨ □₂□₁d )

∧ ( ¬a ∨ ◇₂( a ∧ b ) )

∧ ( □₂( ( □₁d ∨ a ) ∧ ( □₁d ∨ b ) ) ∨ ◇₂( a ∧ b ) )

∧ □₁( ( a ∨ ◇₂⊤ ) ∧ ( □₂⊥ ∨ c ) ∧ ( a ∨ c ) )

∧ ◇₁( a ∧ ¬c ∧ □₂⊥ )

and let L = {1, 2, b, c, d}. In Step 1 of Π-LangInt, we initialize Π to the empty

set. Then in Step 2, we examine each of the conjuncts of ϕ one by one:

• We first examine a ∨ □₂□₁d. As this clause has a propositional disjunct a and a ∉ L, we do not enter the if-loop.

• The next conjunct is ¬a ∨ ◇₂( a ∧ b ). Again, the conditions of the if-loop are not satisfied, as there is a disjunct ¬a and a ∉ L.

• We next consider the conjunct □₂( ( □₁d ∨ a ) ∧ ( □₁d ∨ b ) ) ∨ ◇₂( a ∧ b ). As there are no propositional disjuncts and 2 ∈ L, the conditions of the if-loop are satisfied. We thus make recursive calls to Π-LangInt on the formulae behind the modal operators:

– On input ( □₁d ∨ a ) ∧ ( □₁d ∨ b ), Π-LangInt returns □₁d ∨ b, since the first conjunct does not satisfy the conditions of the if-loop because of its disjunct a, and the second conjunct is not modified as Π-LangInt(d,L) = d.

– On input a ∧ b, Π-LangInt returns b, since a does not satisfy the conditions of the if-loop, and b is left unaltered.

We thereby replace ( □₁d ∨ a ) ∧ ( □₁d ∨ b ) by □₁d ∨ b and a ∧ b by b. The clause resulting from these modifications is then added to Π.


• The next conjunct of ϕ is □₁( ( a ∨ ◇₂⊤ ) ∧ ( □₂⊥ ∨ c ) ∧ ( a ∨ c ) ). As this clause has no propositional disjuncts and 1 ∈ L, we enter the if-loop and call Π-LangInt on the formula behind the modal operator.

– On input ( a ∨ ◇₂⊤ ) ∧ ( □₂⊥ ∨ c ) ∧ ( a ∨ c ), Π-LangInt returns □₂⊥ ∨ c since the first and third clauses do not satisfy the conditions of the if-loop because of their disjunct a, and the second clause is not modified as Π-LangInt(⊥,L) = ⊥.

We thus add □₁( □₂⊥ ∨ c ) to Π.

• The final conjunct is ◇₁( a ∧ ¬c ∧ □₂⊥ ). As 1 ∈ L, we enter the if-loop, and we call Π-LangInt on a ∧ ¬c ∧ □₂⊥:

– On input a ∧ ¬c ∧ □₂⊥, Π-LangInt returns ¬c ∧ □₂⊥, since the first conjunct does not satisfy the conditions of the if-loop, and the other two conjuncts are left unaltered.

We thus add ◇₁( ¬c ∧ □₂⊥ ) to Π.

In Step 3, we return the conjunction of the elements of Π, which is:

( □₂( □₁d ∨ b ) ∨ ◇₂b ) ∧ □₁( □₂⊥ ∨ c ) ∧ ◇₁( ¬c ∧ □₂⊥ )
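Algorithm 6.2 and the run of Example 6.3.19, as an added Python sketch that is not part of the thesis. The list encoding of formulae ([] for ⊤, a single empty clause for ⊥), the function names and the pretty-printer are assumptions of this sketch.

```python
# Added illustration, not code from the thesis.
# Encoding assumed here:
#   formula  = list of clauses (a conjunction); [] is ⊤, [[]] is ⊥
#   clause   = list of disjuncts
#   disjunct = "a" / "¬a"  |  ("□", i, formula)  |  ("◇", i, formula)
# A signature L is a set mixing variable names and modality indices.

TOP = []
BOT = [[]]
SUBSCRIPT = str.maketrans("0123456789", "₀₁₂₃₄₅₆₇₈₉")


def box(i, f):
    return ("□", i, f)


def dia(i, f):
    return ("◇", i, f)


def in_signature(clause, L):
    """Test of Step 2: every top-level disjunct uses only symbols of L."""
    for d in clause:
        symbol = d.lstrip("¬") if isinstance(d, str) else d[1]
        if symbol not in L:
            return False
    return True


def pi_lang_int(phi, L):
    Pi = []                                            # Step (1)
    for clause in phi:                                 # Step (2)
        if not in_signature(clause, L):
            continue
        # (a) recurse behind each top-level modal operator
        new = [d if isinstance(d, str) else (d[0], d[1], pi_lang_int(d[2], L))
               for d in clause]
        # (b) keep the clause unless it now contains a disjunct □i⊤
        if not any(not isinstance(d, str) and d[0] == "□" and d[2] == TOP
                   for d in new):
            Pi.append(new)
    return Pi                                          # Step (3): [] is ⊤


def show(phi):
    """Render an encoded formula in the notation of the examples."""
    if phi == TOP:
        return "⊤"

    def disjunct(d):
        if isinstance(d, str):
            return d
        arg = show(d[2])
        atomic = d[2] == TOP or (len(d[2]) == 1 and len(d[2][0]) <= 1)
        index = str(d[1]).translate(SUBSCRIPT)
        return d[0] + index + (arg if atomic else "(" + arg + ")")

    def clause(c):
        text = " ∨ ".join(disjunct(d) for d in c) or "⊥"
        return "(" + text + ")" if len(c) > 1 and len(phi) > 1 else text

    return " ∧ ".join(clause(c) for c in phi)


# ϕ from Example 6.2.5 and L from Example 6.3.19
PHI = [
    ["a", box(2, [[box(1, [["d"]])]])],
    ["¬a", dia(2, [["a"], ["b"]])],
    [box(2, [[box(1, [["d"]]), "a"], [box(1, [["d"]]), "b"]]),
     dia(2, [["a"], ["b"]])],
    [box(1, [["a", dia(2, TOP)], [box(2, BOT), "c"], ["a", "c"]])],
    [dia(1, [["a"], ["¬c"], [box(2, BOT)]])],
]
L = {1, 2, "b", "c", "d"}

if __name__ == "__main__":
    print(show(pi_lang_int(PHI, L)))
```

Each subformula is visited once and nothing is ever compared with anything else, which is the single scan that the linear-time bound relies on.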

We now prove the correctness of Π-LangInt.

Lemma 6.3.20.

If ϕ is a formula in prime implicate normal form, then the output of Π-LangInt(ϕ,

L) is an L-interpolant of ϕ.

Proof. The proof is by induction on the depth of the input formula ϕ. The base

case is when δ(ϕ) = 0, i.e. when ϕ is a propositional formula. In this case, the

algorithm simply returns the conjunction of the conjuncts of ϕ whose signatures are

contained in L, or ⊤ if there are no such conjuncts. Let ζ be some formula such that

sig(ζ) ⊆ L and ϕ |= ζ. Because of Theorem 3.1.13, we can suppose without loss of

generality that ζ is a conjunction of clauses. We know from Covering (Theorem

3.2.8) that if a clause λ is entailed by ϕ, then there is some prime implicate of

ϕ, hence some conjunct of ϕ (since ϕ is in prime implicate normal form), which

entails λ. It follows that every conjunct of ζ is entailed by some conjunct of ϕ. We

remark that ϕ is a conjunction of propositional clauses and that a propositional

clause containing propositional literals outside L cannot entail a non-tautologous

formula with signature contained in L. This means that if there are no conjuncts

of ϕ with signature contained in L, then ζ must be a tautological formula, and if

such conjuncts exist, then each of the conjuncts in ζ must be entailed by at least

one such conjunct. In the first case, we find that ζ is entailed by ⊤, and in the

second case, ζ is entailed by the conjunction of the conjuncts of ϕ whose signatures


are contained in L. In both cases, we find that the output of Π-LangInt(ϕ, L) is a

formula with signature in L which is entailed by ϕ and which entails every formula

ζ in L which is entailed by ϕ, so it must be an L-interpolant of ϕ.

Let us next assume that the result holds for every formula in prime implicate

normal form with depth at most k and show that the result still holds for formulae

with depth k+ 1. Our first step will be to show that the following statements hold

for every clause λ in prime implicate normal form with depth at most k + 1:

1. If λ contains a disjunct (¬)a with a ∉ L or a disjunct □ᵢψ or ◇ᵢψ where i ∉ L, then ⊤ is an L-interpolant of λ

2. If λ is such that a ∈ L for every disjunct (¬)a of λ and i ∈ L for every disjunct □ᵢψ or ◇ᵢψ, then the formula obtained from λ by replacing disjuncts of the form ◇ᵢψ and □ᵢψ respectively by ◇ᵢΠ-LangInt(ψ,L) and □ᵢΠ-LangInt(ψ,L) is an L-interpolant of λ

We begin with statement (1). Let λ be a clause in prime implicate normal form which contains a disjunct (¬)a with a ∉ L or a disjunct □ᵢψ or ◇ᵢψ where i ∉ L. In the first case, we know that the only formulae with signature in L which subsume (¬)a are tautologous formulae, so λ cannot entail any non-tautologous formulae with signature contained in L, i.e. ⊤ is an L-interpolant of λ. If instead we are in the second case, then there is some satisfiable disjunct ◇ᵢψ or □ᵢψ of λ with i ∉ L. But a satisfiable formula ◇ᵢψ or □ᵢψ cannot imply any non-tautological clause which does not contain a modality ◇ᵢ or □ᵢ by Theorem 2.3.3. It follows that every

formula which is entailed by λ and has signature contained in L is tautologous, so

⊤ is an L-interpolant of λ.

We now show (2). Let λ be a clause in prime implicate normal form of depth at

most k + 1 such that a ∈ L for every disjunct (¬)a of λ and i ∈ L for every disjunct □ᵢψ or ◇ᵢψ of λ. Let λ′ be the formula obtained from λ by replacing disjuncts of the form ◇ᵢψ and □ᵢψ respectively by ◇ᵢΠ-LangInt(ψ,L) and □ᵢΠ-LangInt(ψ,L).

We remark that λ′ has the same propositional disjuncts as λ, and its top-level

modalities are the same as those in λ. We also note that the formulae appearing

behind the top-level modal operators have the form Π-LangInt(ψ,L) where ψ is

a formula in prime implicate normal form with depth at most k. Applying the

induction hypothesis, we find that for each such formula ψ, Π-LangInt(ψ,L) is an

L-interpolant of ψ. In particular, that means that Π-LangInt(ψ,L) has signature

contained in L. It follows that ψ′ also has signature contained in L. It also means

that each ψ entails Π-LangInt(ψ,L), from which we can deduce that λ′ is entailed

by λ. We now need to show that λ′ entails every formula which is entailed by

λ and has signature in L. Let γ be such a formula. Clearly every propositional

disjunct of λ′ must entail γ since λ and λ′ have the same propositional disjuncts and


λ |= γ. Every existential disjunct of λ′ is equal to ◇ᵢΠ-LangInt(ψ,L) for some disjunct ◇ᵢψ of λ. As ◇ᵢΠ-LangInt(ψ,L) is an L-interpolant of ◇ᵢψ (Lemma 2.6.10), it follows that ◇ᵢΠ-LangInt(ψ,L) must entail γ since γ is entailed by ◇ᵢψ and sig(γ) ⊆ L. That means that every ◇-disjunct of λ′ entails γ. Likewise, we remark that □ᵢΠ-LangInt(ψ,L) is an L-interpolant of □ᵢψ, so every □-disjunct

of λ′ entails γ. As every disjunct of λ′ entails γ, it follows that λ′ |= γ, so λ′ is

an L-interpolant of λ. This together with statement (1) tells us that the output

of Π-LangInt(ϕ, k + 1) is equivalent to the conjunction of L-interpolants of the

conjuncts of ϕ.

Now let ζ be a formula such that sig(ζ) ⊆ L and ϕ |= ζ. We can assume without

loss of generality that ζ is a conjunction of clauses since any formula is equivalent

to some formula of this form and with the same or smaller signature (Theorem

2.4.11). Then since ϕ entails ζ, it follows that ϕ entails each of the clauses which

are conjuncts of ζ. By the Covering property (Theorem 3.2.8), we know that every

implicate of ϕ is entailed by some prime implicate of ϕ. As we have assumed ϕ to

be in prime implicate normal form, this means that every conjunct of ζ is entailed

by some conjunct of ϕ. This together with the fact that the conjuncts of ζ have

signature contained in L means that each of the conjuncts of ζ is entailed by an

L-interpolant of some conjunct of ϕ. It follows then that the formula ζ is entailed

by the conjunction of the L-interpolants of the conjuncts of ϕ. But then ζ must be

entailed by the output of Π-LangInt(ϕ, L) since we have shown above that the

output of Π-LangInt(ϕ, L) is equivalent to the conjunction of L-interpolants of

the conjuncts of ϕ. We have thus demonstrated that the output of Π-LangInt(ϕ,

L) is a formula with signature in L which is entailed by ϕ and entails every formula

with signature in L which is entailed by ϕ, i.e. the output of Π-LangInt(ϕ, L) is

an L-interpolant of ϕ.

Lemma 6.3.21.

The algorithm Π-LangInt runs in linear time in the size of the input formula.

Proof. Π-LangInt terminates in linear time with respect to the size of the input

formula because all the algorithm does is scan the input formula a single time in

order to remove those clausal sub-formulae which violate the syntactic requirements

set forth in Step 2.

Theorem 6.3.22.

If ϕ is in prime implicate normal form, then an L-interpolant of ϕ can be generated

in linear time in the size of ϕ.

Proof. Follows directly from Lemmas 6.3.20 and 6.3.21.

The L-interpolant obtained using Π-LangInt may not, however, be itself in

prime implicate normal form, as the following example demonstrates:

Example 6.3.23.

Let ϕ = ◇1(a ∧ □2b) ∧ ◇1(a ∧ b) and L = {1, a, b}. Then ϕ is in prime implicate

normal form, but Π-LangInt(ϕ, L) = ◇1a ∧ ◇1(a ∧ b) is not in prime implicate

normal form since ◇1a is not a prime implicate of Π-LangInt(ϕ, L).

This is not a problem, however, since we show in Theorem 6.3.25 that we can

use the algorithm Π-Entail from earlier in the chapter in order to remove

superfluous subformulae, thereby returning the L-interpolant to prime implicate normal

form. For the proof of Theorem 6.3.25, we will require the following lemma, which

shows that the output of Π-LangInt satisfies the required conditions to ensure the

correctness of Π-Entail. Both the proof of the lemma and the proof of Theorem

6.3.25 are quite long and tedious, and so might be best skipped on a first reading

of the chapter.

Lemma 6.3.24.

If ϕ is a formula in prime implicate normal form, then the output of Π-LangInt(ϕ,

L) satisfies the requirements for both left- and right-hand-side formulae described

in Theorem 6.3.9.

Proof. The proof is by induction on the depth of the input formula ϕ. The base

case is when δ(ϕ) = 0. In this case, Π-LangInt simply returns the conjunction of

the conjuncts of ϕ whose signatures are contained in L, or ⊤ if there are no such

conjuncts. We consider only the former case, since ⊤ clearly satisfies all of the

conditions for both right- and left-hand-side formulae. Now let λ be some prime

implicate of Π-LangInt(ϕ, L). We know that λ is non-tautologous since Π-LangInt(ϕ,

L) contains at least one non-tautologous propositional clause. Moreover, since the

signature of Π-LangInt(ϕ, L) is contained in L, then by Theorem 4.1.5, we can

assume without loss of generality that λ also has signature contained in L. As

ϕ |= Π-LangInt(ϕ, L), we must also have ϕ |= λ, so by the Covering property

(Theorem 3.2.8), there must be some prime implicate of ϕ which entails λ. As

ϕ is in prime implicate normal form, every prime implicate is equivalent to some

conjunct of ϕ, so there must be some conjunct π of ϕ such that π |= λ. But then

by Theorem 2.3.3, it follows that π must have signature in L, which means that π

is a conjunct of Π-LangInt(ϕ, L), and also that π ≡ λ. It follows that every prime

implicate of Π-LangInt(ϕ, L) is equivalent to some conjunct of Π-LangInt(ϕ, L).

As Π-LangInt(ϕ, L) had depth 0, the second condition for left-hand-side formulae

is trivially satisfied. As Π-LangInt(ϕ, L) is a propositional formula, there are

only two possible types of unsatisfiable subformulae: Π-LangInt(ϕ, L) itself, or

disjuncts of the form ⊥. In the first case, we have Π-LangInt(ϕ, L) = ⊥, since

Π-LangInt(ϕ, L) is unsatisfiable only if ϕ is, ϕ would be equal to ⊥ if it were

unsatisfiable, and Π-LangInt(⊥) = ⊥. In the second case, we would have had

disjuncts ⊥ in ϕ, which cannot be the case since ϕ is assumed to be in prime

implicate normal form. Finally, we note that Π-LangInt(ϕ, L) is a conjunction of

clauses, and hence in extended conjunctive normal form. We have thus shown that

Π-LangInt(ϕ, L) satisfies all of the requirements for left-hand-side formulae.

Now let’s show that Π-LangInt(ϕ, L) satisfies the requirements for right-hand-side

formulae. As Π-LangInt(ϕ, L) had depth 0, the first two requirements, which

involve □- and ◇-formulae, are trivially satisfied. The third condition, that all

tautologous subformulae are equal to ⊤, is also satisfied, since Π-LangInt(ϕ, L)

is either equal to ⊤ or it is a conjunction of non-tautologous propositional clauses.

The final requirement is satisfied as well, since Π-LangInt(ϕ, L) cannot have any

tautologous conjuncts unless it is itself a tautology.

We have thus shown that Π-LangInt(ϕ, L) satisfies the requirements for both

left- and right-hand-side formulae whenever ϕ has depth 0. Now let us suppose

that the same holds for formulae with depth at most m, and let ϕ be a formula

in prime implicate normal form of depth m + 1. We begin with the left-hand-side

requirements. Let λ be some prime implicate of Π-LangInt(ϕ, L). We can assume

without loss of generality that sig(λ) ⊆ L since the signature of Π-LangInt(ϕ, L)

is contained in L, and we know that every prime implicate of Π-LangInt(ϕ, L)

is equivalent to some clause with signature in sig(Π-LangInt(ϕ, L)) (by Theorem

4.1.5). Now since Π-LangInt(ϕ,L) |= λ and ϕ |= Π-LangInt(ϕ,L), we also have

ϕ |= λ. By the Covering property (Theorem 3.2.8), there must be some prime

implicate of ϕ, and hence some conjunct of ϕ (since ϕ is in prime implicate normal

form), which entails λ. We showed in the proof of Theorem 6.3.20 that Π-LangInt

transforms every conjunct of ϕ into its L-interpolant, from which we find that λ is

equivalent to some conjunct of Π-LangInt(ϕ, L).

Next let ψ be such that ◇kψ or □kψ is a subformula of Π-LangInt(ϕ, L). Then

it must be the case that ψ = Π-LangInt(ζ, L) for some subformula ζ of ϕ such that

◇kζ or □kζ is a subformula of ϕ. But that means that ζ must be a formula in prime

implicate normal form with depth at most m, so applying the induction hypothesis,

we find that Π-LangInt(ζ, L) satisfies all of the left-hand-side requirements. In

particular, this means that if ψ is such that ◇kψ or □kψ is a subformula of

Π-LangInt(ϕ, L), then every prime implicate of ψ is equivalent to some conjunct of

ψ. It also means that ψ is in extended conjunctive normal form, which allows us

to show that Π-LangInt(ϕ, L) is also in extended conjunctive normal form.

Let us now show that the third left-hand-side condition holds for Π-LangInt(ϕ,

L). Suppose then for a contradiction that Π-LangInt(ϕ, L) has an unsatisfiable

subformula γ such that γ ≠ ⊥. Suppose first that γ appears in the scope of one or

more modal operators. Then that means that there is some disjunct ◇kψ or □kψ

of one of the clausal conjuncts of Π-LangInt(ϕ, L), such that γ is a subformula

of ψ. But we know from the definition of Π-LangInt that ψ = Π-LangInt(ζ, L)

for some ζ such that ◇kψ or □kψ is a subformula of ϕ. By applying the induction

hypothesis to ζ, we conclude that ψ = Π-LangInt(ζ, L) satisfies all of the

left-hand-side conditions. In particular, it contains no unsatisfiable subformulae which

are not equal to ⊥. It follows that γ must appear in Π-LangInt(ϕ, L) outside the

scope of the modal operators. There are three possibilities: γ is a disjunct of some

clausal conjunct of Π-LangInt(ϕ, L), γ is a clausal conjunct of Π-LangInt(ϕ,

L), or γ is a conjunction of clausal conjuncts of Π-LangInt(ϕ, L). We start with

the case where γ is a disjunct of some clausal conjunct of Π-LangInt(ϕ, L). In

this case, γ must be of the form ◇kψ, since propositional literals and □-formulae

cannot be unsatisfiable. We know from the definition of Π-LangInt that ψ =

Π-LangInt(ζ, L) for some subformula ζ of ϕ such that ◇kζ is a disjunct of some

conjunct of ϕ. But ψ is both unsatisfiable and an L-interpolant of ζ (by Lemma

6.3.20), so ζ must be unsatisfiable, too. That means that ϕ possesses a clausal

conjunct with an unsatisfiable disjunct, contradicting our assumption that ϕ is

in prime implicate normal form. Next consider the possibility that γ is a clausal

conjunct of Π-LangInt(ϕ, L). Since γ is assumed unsatisfiable but not equal to

⊥, it must either contain a disjunct of the form ◇kψ for some unsatisfiable formula

ψ, or multiple disjuncts of the form ⊥. We have already shown that the first case

cannot occur, and the second case is also impossible, since it would mean that ϕ

possesses a clausal conjunct with unnecessary disjuncts. It must then be the case

that Π-LangInt(ϕ, L) itself is unsatisfiable but unequal to ⊥. But that would

imply the presence of either an unsatisfiable conjunct not equal to ⊥, which we

have just shown to be impossible, or several conjuncts ⊥, which is also impossible

since that would mean that ϕ itself contains unnecessary conjuncts, which cannot

happen since ϕ is in prime implicate normal form.

Finally, for the fourth left-hand-side condition, we simply note that by the

discussion in the previous paragraph, there can be no satisfiable clausal subformula in

Π-LangInt(ϕ, L) having unsatisfiable disjuncts, as this would indicate the

presence of unnecessary disjuncts in some clausal subformula of ϕ, which is forbidden

by the definition of prime implicate normal form.

Now let us move on to the right-hand-side requirements. We know from the

induction hypothesis that any clausal subformula appearing within the scope of

modal operators in Π-LangInt(ϕ, L) must satisfy the first two right-hand-side

conditions. So we only need to worry about the clausal subformulae which are

conjuncts of Π-LangInt(ϕ, L). Let λ′ be a clausal conjunct of Π-LangInt(ϕ,

L). We know from the definition of Π-LangInt that there must be some clausal

conjunct λ of ϕ such that λ′ is obtained from λ by replacing each disjunct □kψ

by □kΠ-LangInt(ψ, L) and each disjunct ◇kψ by ◇kΠ-LangInt(ψ, L). As ϕ is in

prime implicate normal form, it follows that |Diamk(λ)| ≤ 1 for all 1 ≤ k ≤ n. It

follows then that |Diamk(λ′)| ≤ 1 for all 1 ≤ k ≤ n, so the first right-hand-side

condition is satisfied by Π-LangInt(ϕ, L). Now suppose that γ′ ∈ Diamk(λ′) and

ζ′ ∈ Boxk(λ′) for some k. Then there must be γ ∈ Diamk(λ) and ζ ∈ Boxk(λ)

such that γ′ = Π-LangInt(γ, L) and ζ′ = Π-LangInt(ζ, L). As ϕ is assumed to

be in prime implicate normal form, we know that γ |= ζ. But that means that

Π-LangInt(γ, L) |= Π-LangInt(ζ, L), and hence γ′ |= ζ′. We thus have the second

right-hand-side condition.

Next we need to show that every tautologous subformula of Π-LangInt(ϕ, L)

is equal to ⊤. Suppose for a contradiction that Π-LangInt(ϕ, L) contains some

tautologous subformula γ which is not equal to ⊤. It follows from the induction

hypothesis that all tautologous formulae appearing behind the modal operators

are equal to ⊤, so γ must appear outside the scope of any modal operators in

Π-LangInt(ϕ, L). There are three possibilities: γ is a disjunct of some clausal

conjunct of Π-LangInt(ϕ, L), γ is a clausal conjunct of Π-LangInt(ϕ, L), or γ is a

conjunction of clausal conjuncts of Π-LangInt(ϕ, L). First consider the case where

γ is a literal. Then γ must be of the form □kζ′ where ζ′ is a tautologous formula,

since propositional literals and ◇-formulae cannot be tautologies. But we know

from the definition of Π-LangInt that □kζ′ must be equal to □kΠ-LangInt(ζ,

L) for some ζ such that □kζ is a disjunct of some clausal conjunct of ϕ. By the

induction hypothesis, Π-LangInt(ζ, L) must be equal to ⊤ since it is a tautology,

which means that γ is of the form □k⊤. But this is a contradiction, since in Step

2(b) of Π-LangInt we only added to the set Π clauses which did not contain

disjuncts of this form. Next suppose that γ is one of the clausal conjuncts of

Π-LangInt(ϕ, L). Since γ is a tautologous clause, and we know from the previous

paragraph that |Diamk(λ′)| ≤ 1, it follows from Theorem 2.3.1 that γ contains

either a pair of complementary literals a and ¬a, or a pair of disjuncts □kζ′ and ◇kµ′

such that |= ζ′ ∨ µ′. We know that the former case cannot occur, since in Step 2

of Π-LangInt we do not add to Π any clauses with complementary propositional

disjuncts. It must then be the case that γ possesses disjuncts □kζ′ and ◇kµ′ such

that |= ζ′ ∨ µ′. From the previous paragraph, we know that µ′ |= ζ′, which gives

us |= ζ′. But we also know that □kζ′ must be equal to □kΠ-LangInt(ζ, L) for

some ζ such that □kζ is a disjunct of some clausal conjunct of ϕ. But we know

from the induction hypothesis that Π-LangInt(ζ, L) cannot have any tautologous

subformulae not equal to ⊤, so we must have Π-LangInt(ζ, L) = ⊤ and hence

□kζ′ = □k⊤. This is a contradiction however, since no clauses with a disjunct of

the form □k⊤ are added to Π in Step 2. Thus, we must be in the final case, in

which γ is a conjunction of clausal conjuncts of Π-LangInt(ϕ, L). But then γ

must either have a tautologous clausal conjunct which is not equal to ⊤, or be a

conjunction of multiple ⊤ symbols. We just showed that Π-LangInt(ϕ, L) cannot

have a tautologous clausal conjunct not equal to ⊤. The second case also cannot

happen, since that would mean that we had added ⊤ to Π in Step 2. But that

could only happen if ⊤ were a conjunct of ϕ, which can only happen when ϕ = ⊤,

in which case we would have Π-LangInt(ϕ, L) = ⊤. Thus, we have shown that

Π-LangInt(ϕ, L) cannot possess any tautologous subformulae not equal to ⊤.

For the final right-hand-side condition, suppose that Π-LangInt(ϕ, L) possesses

a non-tautologous subformula which is a conjunction having at least one conjunct

⊤. Because of the induction hypothesis, we can assume that this conjunction does

not appear behind the scope of modal operators, which means that the conjunct

in question must be a conjunct of Π-LangInt(ϕ, L). But we showed at the end of

the last paragraph that Π-LangInt(ϕ, L) cannot have a conjunct ⊤ except in the

limit case where it is itself equal to ⊤. Thus, we have shown Π-LangInt(ϕ, L) to

satisfy all of the right-hand-side conditions.

Theorem 6.3.25.

If ϕ is in prime implicate normal form, then an L-interpolant of ϕ in prime

implicate normal form can be generated in polynomial time in the size of ϕ.

Proof. We know from Lemma 6.3.20 that we can compute an L-interpolant of a

formula ϕ in prime implicate normal form using the algorithm Π-LangInt, but we

now need to show how to transform the output of Π-LangInt into an equivalent

formula in prime implicate normal form. Consider the following recursive

procedure BackToPINF which takes as input a formula ζ = λ1 ∧ ... ∧ λm in extended

conjunctive normal form:

Step 1 If δ(ζ) = 0, return ζ. Otherwise, set Π = ∅.

Step 2 For i = 1 to m:

    If Π-Entail(λj, λi)=no for all 1 ≤ j < i and either Π-Entail(λj, λi)=no
    or Π-Entail(λi, λj)=yes for all i < j ≤ n, then

        (a) Let λ′i be the formula obtained from λi by replacing each
            disjunct □kψ (resp. ◇kψ) with □kBackToPINF(ψ)
            (resp. ◇kBackToPINF(ψ)).

        (b) For each k = 1 to n:
                Let {α1, ..., αs} be the elements in Boxk(λ′i).
                For l = 1 to s:
                    If Π-Entail(αl, αp)=yes for some 1 ≤ p < l or
                    Π-Entail(αl, αp)=yes and Π-Entail(αp, αl)=no
                    for some l < p ≤ s, then
                        Remove □kαl from λ′i.

        (c) Add λ′i to Π.

Step 3 Return ⋀π∈Π π.

We claim that if ζ is such that ζ = Π-LangInt(ϕ, L) for some formula ϕ in prime

implicate normal form and some signature L, then the output of BackToPINF on

input ζ, call it ζ′, is a formula in prime implicate normal form which is equivalent

to ζ. The proof is by induction on the depth of the input formula ζ.

The base case is when δ(ζ) = 0. Let ϕ be a formula in prime implicate normal

form such that ζ = Π-LangInt(ϕ, L). Now since ζ is propositional, we know

that ϕ must be propositional as well, since Π-LangInt never removes modalities

from clauses. For propositional formulae, it is known that the L-prime implicates

of a formula are precisely those prime implicates of the formula with signature

contained in L (cf. [Mar00]). It follows that the conjuncts of ζ are precisely

its prime implicates. Moreover, there can be no repeated conjuncts or disjuncts

in ζ since this would imply unnecessary conjuncts or disjuncts in ϕ, which cannot

happen since ϕ is in prime implicate normal form. It follows that ζ is itself in prime

implicate normal form. We thus have the desired result since BackToPINF(ζ)=ζ

for propositional ζ.

Next let us assume that the result holds whenever the input formula has the

required form and depth at most d, and let ζ be a formula of depth d + 1 such that

ζ = Π-LangInt(ϕ,L) for some formula ϕ in prime implicate normal form and

some signature L. We begin by showing that every conjunct in ζ is implied by

some conjunct of ζ′. Let λi be a conjunct of ζ. We begin with the case where

λi satisfies the conditions of the if-loop. Then in Step 2(a), we will set λ′i equal

to the clause obtained from λi by replacing each disjunct □kψ (resp. ◇kψ) with

□kBackToPINF(ψ) (resp. ◇kBackToPINF(ψ)). We know that the disjunct

□kψ (resp. ◇kψ) must be equal to □kΠ-LangInt(γ, L) (resp. ◇kΠ-LangInt(γ, L))

where □kγ (resp. ◇kγ) is a subformula of ϕ. It follows then by the induction

hypothesis that BackToPINF(ψ) is equivalent to ψ, which means that λ′i ≡ λi

at the end of Step 2(a). We just need to ensure that the changes in Step 2(b)

are equivalence-preserving. To do so, we show that every disjunct of λ′i which is

removed during Step 2(b) implies one of the disjuncts of λ′i which remains at the end

of Step 2(b). We only need to show this for □-disjuncts, since we do not remove any

other disjuncts in Step 2(b). We note that by the induction hypothesis the formulae

in Boxk(λ′i) must all be in prime implicate normal form. It follows then by Lemmas

6.3.2 and 6.3.3 that for αq, αr ∈ Boxk(λ′i), we have Π-Entail(αq, αr) = yes if and

only if αq |= αr. Now let □kαl be a disjunct of λ′i which was removed in Step

2(b). That means that αl satisfies the conditions of the if-loop, so there must be

either some p < l such that Π-Entail(αl, αp)=yes or some p > l such that both

Π-Entail(αl, αp)=yes and Π-Entail(αp, αl)=no. It follows then that either αl |= αp

for some p < l, or both αl |= αp and αp ⊭ αl for some p > l. This means there

is some p such that αl |= αp and αp ⊭ αq for q < p and αp |= αq only if αq |= αp

for q > p. But then we have Π-Entail(αp, αq)=no for every q < p, and either

Π-Entail(αp, αq)=no or Π-Entail(αq, αp)=yes for q > p. This means that we

will not enter the if-loop on αp, so αp will not be removed from λ′i in Step 2(b). We

have thus found a disjunct of λ′i at the end of Step 2(b) which is entailed by αl. It

follows that the modifications in 2(b) are equivalence-preserving. So the conjunct

λ′i of ζ′ is equivalent to the conjunct λi of ζ.

Next let us consider the other case in which we do not enter the if-loop when

examining the conjunct λi of ζ. Then that means that either there is some j < i

such that Π-Entail(λj, λi)=yes, or there is some j > i such that Π-Entail(λj,

λi)=yes and Π-Entail(λi, λj)=no. Now we know that ζ satisfies the conditions

on both right- and left-hand-side formulae by Lemma 6.3.24. It follows that the

conjuncts of ζ also satisfy these conditions, so by Theorem 6.3.9, Π-Entail will give

the right answer on entailment queries concerning conjuncts of ζ. We thus find that

either λj |= λi for some j < i, or λj |= λi ⊭ λj for some j > i. We can thus choose

some index j such that (i) λj |= λi, (ii) λl ⊭ λj for all l < j, and (iii) for every

l > j either λl ⊭ λj or λj |= λl. But then λj will satisfy all of the requirements for

entering the if-loop, so we know from above that there must be some conjunct of

ζ′ which is equivalent to λj, and hence some conjunct of ζ′ which entails λi. Thus,

every conjunct of ζ is implied by some conjunct of ζ′. It follows that ζ′ |= ζ. As we

have also shown that every conjunct of ζ′ is equivalent to some conjunct of ζ, we

must also have ζ |= ζ′, hence ζ ≡ ζ′.

We will now prove that ζ′ is in prime implicate normal form. We first remark

that if ζ′ is unsatisfiable, then so is ζ. Since ζ satisfies all left-hand-side conditions,

it can have no unsatisfiable subformulae not equal to ⊥, which means ζ = ⊥, and

hence ζ′ = ⊥, as desired. Likewise, since ζ satisfies all right-hand-side conditions,

if ζ is tautologous, then it must be equal to ⊤. We now consider the case where ζ

is neither tautologous nor unsatisfiable.

We first need to show that all prime implicates of ζ′ are equivalent to some

conjunct of ζ′. As ζ satisfies right- and left-hand-side conditions (by Lemma 6.3.24),

we know that ζ is a conjunction of clauses. As the modifications to conjuncts of ζ

in Step 2 of BackToPINF leave clauses as clauses, ζ′ must also be a conjunction

of clauses. Let us then consider some prime implicate π of ζ′. We know that ζ ≡ ζ′

from above, so it must be the case that π is also a prime implicate of ζ, and hence

equivalent to some conjunct of ζ (because ζ satisfies all left-hand-side conditions).

Let λi be a conjunct of ζ such that π ≡ λi and π ≢ λj for j < i. Now we have seen

earlier that all of the conjuncts of ζ must satisfy all of the right- and left-hand-side

conditions. It follows then from Theorem 6.3.9 that the algorithm Π-Entail gives

the correct output when run on pairs of conjuncts of ζ. This means in particular

that Π-Entail(λj, λi)=no for all 1 ≤ j < i and either Π-Entail(λj, λi)=no or

Π-Entail(λi, λj)=yes for every i < j ≤ n. But then we must enter the main

if-loop when we examine λi in Step 2. So we will add a clause λ′i to Π, making λ′i a

conjunct of ζ′. We have seen above that the clause λ′i must be equivalent to λi, so

we have π ≡ λ′i. We have thus shown that every prime implicate of ζ′ is equivalent

to one of the conjuncts of ζ′.

Let us now show that ζ′ does not contain any unnecessary conjuncts. Suppose

for a contradiction that this is the case, i.e. there are conjuncts λ′i and λ′j with

λ′i |= λ′j and i ≠ j. Now we know that each conjunct λ′l in ζ′ was obtained from a

corresponding conjunct λl in ζ via the modifications in Step 2. These modifications

are equivalence-preserving (see above), so we must also have λ′l ≡ λl for every

conjunct λ′l of ζ′. This means in particular that λi |= λj. We consider two cases:

λj |= λi or λj ⊭ λi. We begin with the case where λj |= λi, and hence λi ≡ λj.

We assume without loss of generality that i < j. Now we know from previous

paragraphs that Π-Entail gives the correct response when given conjuncts of ζ

as input. It follows that we have Π-Entail(λi,λj)=yes. But that means that

we will not enter the if-loop when examining λj, so λ′j will not be a conjunct of

ζ′, contradicting our assumption to the contrary. Let us then consider the other

alternative which is that λj ⊭ λi. In this case, we have Π-Entail(λi,λj)=yes

and Π-Entail(λi,λj)=yes. This means that we will not enter the if-loop on λj,

contradicting the fact that λ′j is a conjunct of ζ′. We have thus shown that there

can be no unnecessary conjuncts in ζ′.

We will next prove that the conjuncts of ζ′ satisfy the required properties.

Let λ′i be a conjunct of ζ′, which is obtained from the conjunct λi of ζ via the

modifications in Step 2 of BackToPINF. We note that all modal disjuncts of

λ′i must be of the form □kBackToPINF(ψ) where □kψ is a disjunct of λi or

◇kBackToPINF(ψ) where ◇kψ is a disjunct of λi. We have seen earlier in the

proof that if ψ is such that □kψ or ◇kψ is a disjunct of some conjunct of ζ, then ψ

must be equal to Π-LangInt(γ, L) for some γ such that □kγ or ◇kγ is a subformula

of ϕ. This means that we can apply the induction hypothesis to all of the modal

disjuncts of λ′i. We find that if BackToPINF(ψ) is such that □kBackToPINF(ψ)

or ◇kBackToPINF(ψ) is a disjunct of λ′i, then BackToPINF(ψ) is a formula in

prime implicate normal form which is equivalent to ψ. It follows that λ′i satisfies

part 3(c)(iii) of Definition 6.2.1. We next note that ζ has been shown to

satisfy all right-hand-side conditions, which means that λi has at most one

◇k-disjunct for each 1 ≤ k ≤ n, and is such that if it has disjuncts ◇kγ and □kµ,

then γ |= µ. Since the modifications in Step 2 never modify the number of

◇-disjuncts, the former property must also be satisfied by λ′i. The latter property

must also be satisfied by λ′i since we have seen that the modifications in Step 2 are

equivalence-preserving with respect to each disjunct.

Finally, we must show that the conjunct λ′i satisfies property 3(c)(i), i.e.

it does not contain any unnecessary disjuncts. We know that λi, and hence λ′i,

cannot contain any unnecessary propositional disjuncts, since this would imply

that a conjunct of ϕ had unnecessary disjuncts, which contradicts the fact that ϕ

is in prime implicate normal form. Now suppose that there is some disjunct ◇kψ

of λ′i which implies some other disjunct of λ′i. Now we know that ◇kψ cannot

be unsatisfiable, since that would imply the presence of an unsatisfiable disjunct

in ζ, which cannot happen since ζ satisfies all left-hand-side conditions. But then

according to Theorem 2.3.3, there must be a second ◇k-disjunct of λ′i, which we have

shown in the previous paragraph to be impossible. Thus, any unnecessary disjunct

in λ′i must be a □-formula. Let us then suppose that there are disjuncts □kαp

and □kαq of λ′i such that □kαp |= □kαq (the disjuncts must have the same modal

operator, otherwise the entailment wouldn’t hold). We know from the previous

paragraph that αp and αq are in prime implicate normal form. It follows then that

Π-Entail(αp, αq)=yes. If αq ⊭ αp, then we will also have Π-Entail(αq, αp)=no,

which means that □kαp will be removed from λ′i in Step 2(b), which contradicts

the fact that it appears in ζ′. If instead we have αq |= αp, then we will have

Π-Entail(αq, αp)=yes, and either □kαp or □kαq will be deleted from λ′i, which again

is a contradiction.

We have thus proven that if ζ is such that ζ = Π-LangInt(ϕ,L) for some

formula ϕ in prime implicate normal form and some signature L, the output of

BackToPINF on input ζ is a formula in prime implicate normal form which is

equivalent to ζ. As the algorithm Π-LangInt was shown in Lemma 6.3.21 to run

in linear time (and hence space), all that remains to be shown is that the procedure

BackToPINF terminates in polynomial time in the size of its input. We show

by induction on the depth of the input formula that BackToPINF terminates

in quadratic time. The base case is when the input formula ζ has depth 0. We

trivially have the result since BackToPINF terminates in linear time when the

input formula is propositional. Now suppose that BackToPINF terminates in

quadratic time in the size of the input formula for formulae of depth at most d,

and suppose ζ has depth d + 1. We remark that evaluating the if-condition in

Step 2 for the different values of i involves at most 3 calls to Π-Entail for each

pair of indices i ≠ j. Since Π-Entail terminates in O(|λi| |λj|) steps on input

(λi, λj) or (λj, λi), it follows that evaluating the if-condition in Step 2 takes in total

O(Σ_{i≠j} |λi| |λj|) steps. In Step 2a, for each 1 ≤ i ≤ m, and each ψ such that □kψ

or ◇kψ is a disjunct of λi, we make a recursive call to BackToPINF on input ψ.

By the induction hypothesis, we know that the call terminates in O(|ψ|²) steps.

But since for each λi, the sum of the lengths of the different ψ is at most |λi|, it

follows that Step 2a can be executed in O(|λi|²) steps. We also observe that the

output of BackToPINF is always smaller or equal to its input, which means that

λ′i at the end of Step 2a is no larger than λi. This means that when comparing the

disjuncts of λ′i using Π-Entail, we require only O(|λi|²) steps. So the overall

time spent on Step 2a and 2b is O(Σ_{i=1}^{m} |λi|²). It follows that the algorithm runs

in O(Σ_{i≠j} |λi| |λj|) + O(Σ_{i=1}^{m} |λi|²) steps, which is in O(|ζ|²) since Σ_{i=1}^{m} |λi| ≤ |ζ|.

We have thus shown how to generate in polynomial time for any formula in prime

implicate normal form an L-interpolant which is itself in prime implicate normal

form.
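
The index-based filters in Step 2 and Step 2(b) of BackToPINF can be exercised in isolation. The following Python sketch is an added example, not code from the thesis: the entailment test is passed in as a function (the thesis uses Π-Entail, which is not reproduced here), and the stand-in oracle `atoms_entail`, which encodes a formula as a set of atoms read as their conjunction, is an assumption of this example.

```python
def select_conjuncts(conjuncts, entails):
    """Step 2 condition: keep λi iff no earlier λj entails it and every later
    λj that entails it is also entailed by it."""
    kept = []
    for i, lam_i in enumerate(conjuncts):
        keep = True
        for j, lam_j in enumerate(conjuncts):
            if j < i and entails(lam_j, lam_i):
                keep = False
            elif j > i and entails(lam_j, lam_i) and not entails(lam_i, lam_j):
                keep = False
        if keep:
            kept.append(lam_i)
    return kept


def prune_box_disjuncts(alphas, entails):
    """Step 2(b): drop □k αl when αl entails an earlier αp, or entails a later
    αp without being entailed by it. Comparisons use the original list."""
    kept = []
    for l, a_l in enumerate(alphas):
        redundant = False
        for p, a_p in enumerate(alphas):
            if p < l and entails(a_l, a_p):
                redundant = True
            elif p > l and entails(a_l, a_p) and not entails(a_p, a_l):
                redundant = True
        if not redundant:
            kept.append(a_l)
    return kept


def atoms_entail(s, t):
    """Stand-in oracle (assumption of this example): a frozenset of atoms is
    read as their conjunction, so S |= T iff T ⊆ S. The same test decides
    ◇k(⋀S) |= ◇k(⋀T) and □k(⋀S) |= □k(⋀T)."""
    return t <= s


def conjuncts_invariant(original, kept, entails):
    """Properties used in the proof: every input conjunct is entailed by a kept
    one, and no kept conjunct entails a different kept conjunct."""
    covered = all(any(entails(k, o) for k in kept) for o in original)
    irredundant = not any(
        entails(kept[i], kept[j])
        for i in range(len(kept)) for j in range(len(kept)) if i != j
    )
    return covered and irredundant


def example_6_3_23():
    # Constructed encoding of ◇1 a ∧ ◇1(a ∧ b), the output of Π-LangInt in
    # Example 6.3.23: each set stands for ◇1 of the conjunction of its atoms.
    zeta = [frozenset({"a"}), frozenset({"a", "b"})]
    return select_conjuncts(zeta, atoms_entail)


if __name__ == "__main__":
    print(example_6_3_23())  # only ◇1(a ∧ b) survives
    boxes = [frozenset({"a", "b"}), frozenset({"a"}), frozenset({"a"}), frozenset({"c"})]
    print(prune_box_disjuncts(boxes, atoms_entail))  # the weakest disjuncts survive
```

The two filters are duals: among conjuncts the strongest representative of each equivalence class is kept, among □k-disjuncts the weakest, and in both cases the earliest index wins between equivalent formulae.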

6.3.3 Canonicity

Another interesting property of prime implicate normal form in propositional

logic is that it is unique up to reordering of conjuncts and disjuncts. This means that

prime implicate normal form provides a canonical way of representing propositional

formulae.

In this subsection, we will show that the same holds true for formulae in Kn.

In order to properly formalize what it means for two formulae to be the same up

to reordering of conjuncts and disjuncts, we will require the following definitions.

Definition 6.3.26.

We will say that a formula ψ is reachable via one step of reordering from a formula ϕ,

written ϕ →o ψ, just in the case that there is a subformula σ of the form ρ1⊕...⊕ρk

(where ⊕ ∈ {∧,∨}) of ϕ and a permutation p of {1, ..., k} such that substituting

the formula ρp(1) ⊕ ...⊕ ρp(k) for one or more occurrences of the subformula σ in ϕ

yields ψ.

Definition 6.3.27.

We will say that formulae ψ and ϕ are identical modulo reordering, written ϕ ⋍o ψ,

just in the case that there is a sequence of formulae ζ0 = ϕ, ζ1, ..., ζn = ψ such

that ζi →o ζi+1 for all 0 ≤ i < n.

Example 6.3.28.

We have a ∧ b ∧ □(a ∨ c) →o a ∧ b ∧ □(c ∨ a) since a ∨ c is a subformula of a ∧ b ∧ □(a ∨ c)

of the form ρ1 ∨ ρ2, the permutation (2, 1) of {1, 2} gives the formula ρ2 ∨ ρ1 = c ∨ a,

and substituting c ∨ a for the unique occurrence of a ∨ c gives a ∧ b ∧ □(c ∨ a). We

also have a ∧ b ∧ □(c ∨ a) →o b ∧ □(c ∨ a) ∧ a since a ∧ b ∧ □(c ∨ a) is its own

subformula, and by rearranging its conjuncts according to the permutation (3, 1, 2)

we obtain b ∧ □(c ∨ a) ∧ a. It follows that a ∧ b ∧ □(a ∨ c) ⋍o b ∧ □(c ∨ a) ∧ a.
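
Definitions 6.3.26 and 6.3.27 can be checked mechanically: two formulae are identical modulo reordering exactly when sorting the arguments of every ∧ and ∨ node yields the same tree. The Python sketch below is an added example, not code from the thesis; the nested-tuple encoding, the function names, the modality index 1 given to the unindexed □ of Example 6.3.28, and the choice not to flatten nested ∧/∨ nodes are assumptions of this example.

```python
# Encoding (assumption of this example):
#   ("lit", "a", True)                literal a (False for ¬a)
#   ("box", k, f), ("dia", k, f)      □k f and ◇k f
#   ("and", (f1, ..., fk)), ("or", (f1, ..., fk))   n-ary ρ1 ⊕ ... ⊕ ρk

def lit(name, positive=True):
    return ("lit", name, positive)

def box(k, f):
    return ("box", k, f)

def dia(k, f):
    return ("dia", k, f)

def conj(*fs):
    return ("and", tuple(fs))

def disj(*fs):
    return ("or", tuple(fs))


def reorder_step(formula, path, perm):
    """One step ϕ →o ψ applied at a single occurrence of σ.

    path: child indices from the root down to σ = ρ1 ⊕ ... ⊕ ρk
          (the only child of a box/dia node has index 0).
    perm: the permutation p in one-line form (p(1), ..., p(k)), 1-based;
          σ is replaced by ρp(1) ⊕ ... ⊕ ρp(k).
    """
    tag = formula[0]
    if not path:
        if tag not in ("and", "or"):
            raise ValueError("σ must be a conjunction or a disjunction")
        parts = formula[1]
        if sorted(perm) != list(range(1, len(parts) + 1)):
            raise ValueError("perm is not a permutation of {1, ..., k}")
        return (tag, tuple(parts[p - 1] for p in perm))
    head, rest = path[0], path[1:]
    if tag in ("box", "dia"):
        if head != 0:
            raise ValueError("modal nodes have a single child, index 0")
        return (tag, formula[1], reorder_step(formula[2], rest, perm))
    if tag in ("and", "or"):
        parts = list(formula[1])
        parts[head] = reorder_step(parts[head], rest, perm)
        return (tag, tuple(parts))
    raise ValueError("path runs past a literal")


def canonical(formula):
    """Sort the arguments of every ∧/∨ node, bottom-up. Every →o step leaves
    this value unchanged, and it is itself reachable by →o steps."""
    tag = formula[0]
    if tag == "lit":
        return formula
    if tag in ("box", "dia"):
        return (tag, formula[1], canonical(formula[2]))
    return (tag, tuple(sorted((canonical(p) for p in formula[1]), key=repr)))


def identical_modulo_reordering(phi, psi):
    """Decides ϕ ⋍o ψ by comparing canonical representatives."""
    return canonical(phi) == canonical(psi)


def example_6_3_28():
    a, b, c = lit("a"), lit("b"), lit("c")
    phi = conj(a, b, box(1, disj(a, c)))          # a ∧ b ∧ □(a ∨ c)
    step1 = reorder_step(phi, (2, 0), (2, 1))     # a ∧ b ∧ □(c ∨ a)
    # The example's permutation (3, 1, 2), read as the cycle 3→1→2→3, is
    # (2, 3, 1) in the one-line form used by reorder_step.
    step2 = reorder_step(step1, (), (2, 3, 1))    # b ∧ □(c ∨ a) ∧ a
    return phi, step1, step2


if __name__ == "__main__":
    phi, step1, step2 = example_6_3_28()
    print(identical_modulo_reordering(phi, step2))
```

By Theorem 6.3.29, running `identical_modulo_reordering` on two formulae already in prime implicate normal form also decides whether they are equivalent; on arbitrary formulae it only compares syntax.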

Theorem 6.3.29.

If ϕ and ψ are formulae in prime implicate normal form such that ϕ ≡ ψ, then ϕ

and ψ are identical modulo reordering.

Proof. Let ϕ and ψ be two formulae in prime implicate normal form such that ϕ ≡ ψ. The proof is by induction on the depth of ϕ. The base case is when δ(ϕ) = 0. If ϕ is a tautology or a contradiction, the result clearly holds since then we have either ψ = ϕ = ⊤ or ψ = ϕ = ⊥, and so ϕ ⋍_o ψ. If ϕ and ψ are neither tautologous nor a contradiction, then consider some conjunct λ_i of ϕ. Since ϕ ≡ ψ, we must have ψ |= λ_i, and so by the Covering property (Theorem 3.2.8), there must be some prime implicate of ψ which implies λ_i. But ψ is in prime implicate normal form, so each of its prime implicates is equivalent to one of its conjuncts, which means there must be some conjunct, call it λ′_{p(i)}, such that λ′_{p(i)} |= λ_i. As λ_i is a prime implicate of ϕ and hence also of ψ, we must also have λ_i |= λ′_{p(i)}, so λ_i ≡ λ′_{p(i)}.

We have just shown that for each conjunct λ_i of ϕ, there is some conjunct λ′_{p(i)} of ψ such that λ_i ≡ λ′_{p(i)}. We know that there can be at most one, and hence exactly one, such conjunct of ψ since otherwise ψ would have a redundant conjunct, which is impossible given part 3(a) of the definition of prime implicate normal form (Definition 6.2.1). Moreover, we cannot have p(i) = p(j) for i ≠ j, since that would mean that ϕ would have redundant conjuncts, which cannot happen since it too is in prime implicate normal form. This means that ϕ and ψ have exactly the same number of conjuncts, say n, and the function p we have defined is in fact a permutation of {1, ..., n}.

We will now show that λ_i ⋍_o λ′_{p(i)}. Let θ_j be some disjunct of λ_i. As δ(ϕ) = 0, θ_j must be a propositional literal, and since λ_i |= λ′_{p(i)}, we must also have θ_j |= λ′_{p(i)}. We know λ′_{p(i)} is non-tautologous, so by Theorem 2.3.3, θ_j must imply the propositional part of λ′_{p(i)}, and so must imply, and hence be equal to, some propositional disjunct, say θ′_{q(j)}, of λ′_{p(i)}. But that means that the disjuncts of λ_i must be exactly the disjuncts of λ′_{p(i)} since otherwise λ′_{p(i)} would contain an unnecessary disjunct, which is forbidden by part 3(c)(i) of Definition 6.2.1. For the same reason, there can be no repeated disjuncts in λ′_{p(i)}. It follows that λ_i and λ′_{p(i)} have the same number of disjuncts, say m. We have thus shown that there is a permutation q of {1, ..., m} such that θ_j = θ′_{q(j)} for all 1 ≤ j ≤ m. It follows that λ_i →_o λ′_{p(i)}, and hence λ_i ⋍_o λ′_{p(i)}.

We have thus demonstrated that λ_i ⋍_o λ′_{p(i)} for every 1 ≤ i ≤ n. That means that we can transform ϕ into ψ by first transforming each subformula λ_i into λ′_{p(i)} and then applying the permutation p to the conjuncts of the resulting formula. It follows that ϕ ⋍_o ψ.

Now let us assume that the result holds whenever the first formula has depth at most d, and let ϕ be of depth d + 1. Using exactly the same reasoning as in the base case, we can show that ϕ and ψ have the same number of conjuncts, say n, and we can find a permutation p of {1, ..., n} such that λ_i is equivalent to λ′_{p(i)}. We now wish to show that λ_i ⋍_o λ′_{p(i)}. Let θ_j be some disjunct of λ_i. If θ_j is a propositional literal, then we can apply the same reasoning as in the base case to find some disjunct θ′_{q(j)} of λ′_{p(i)} such that θ_j = θ′_{q(j)}. Suppose instead that θ_j is of the form ◇_k ζ. We know that ◇_k ζ is not a contradiction, since otherwise λ_i would contain an unnecessary disjunct. Since λ_i |= λ′_{p(i)}, we must also have ◇_k ζ |= λ′_{p(i)}. Then by Theorem 2.3.3, ◇_k ζ must imply the disjunction of the ◇_k-disjuncts of λ_i. But λ_i is in prime implicate normal form, so there can be only one such disjunct, call it θ′_{q(j)} = ◇_k γ. We thus have ζ |= γ. As λ′_{p(i)} |= λ_i, we must also have γ |= ζ, and hence γ ≡ ζ. Both ζ and γ are in prime implicate normal form and δ(ζ) ≤ d, so the induction hypothesis applies, giving us ζ ⋍_o γ. But that means that there is a sequence of reordering operations that transforms ζ into γ, so by applying these same operations to the subformula ζ of ◇_k ζ we obtain the formula ◇_k γ, which means θ_j ⋍_o θ′_{q(j)}. Finally, consider the case where θ_j is of the form □_k ζ. Then since λ_i |= λ′_{p(i)}, we also have □_k ζ |= λ′_{p(i)}. By Theorem 2.3.3, there must be some □_k-disjunct θ′_{q(j)} = □_k γ of λ′_{p(i)} such that ζ |= γ ∨ α_1 ∨ ... ∨ α_r, where ◇_k α_1, ..., ◇_k α_r are the ◇_k-disjuncts of λ′_{p(i)}. As λ′_{p(i)} is in prime implicate normal form, by part 3(c)(iv) of Definition 6.2.1, we have γ ≡ γ ∨ α_1 ∨ ... ∨ α_r, and hence ζ |= γ. We can show similarly that γ |= ζ, and hence γ ≡ ζ. Now ζ and γ are in prime implicate normal form, and the depth of ζ is no greater than d, so the induction hypothesis is applicable, yielding ζ ⋍_o γ. Thus, there is a sequence of reordering operations transforming ζ into γ, which means that we can turn □_k ζ into □_k γ by applying these same operations to the subformula ζ. So we have θ_j ⋍_o θ′_{q(j)}.

We have shown in the previous paragraph that for every disjunct θ_j of λ_i there is some disjunct θ′_{q(j)} of λ′_{p(i)} such that θ_j ⋍_o θ′_{q(j)}. We also need to show that the function q that we have defined is in fact a permutation. For this, we need to show that every disjunct of λ_i maps to a different disjunct of λ′_{p(i)}, and that every disjunct of λ′_{p(i)} is paired with some disjunct of λ_i. For the former statement, we simply note that if two disjuncts of λ_i map to the same disjunct of λ′_{p(i)}, then λ_i contains an unnecessary disjunct, which is forbidden by the definition of prime implicate normal form. For the second statement, we remark that since λ′_{p(i)} |= λ_i, every disjunct of λ′_{p(i)} entails some disjunct of λ_i, and hence is equivalent to some disjunct of λ_i. If λ′_{p(i)} were to contain more disjuncts than λ_i, then it would contain some unnecessary disjunct, which we know not to be the case. Thus, our function q defines a permutation with the required properties from Definition 6.3.26, so we have λ_i ⋍_o λ′_{p(i)}.

To complete the proof, we remark that we can change ϕ into ψ by first transforming each subformula λ_i into λ′_{p(i)} (which is possible since λ_i ⋍_o λ′_{p(i)}) and then applying the permutation p to the conjuncts of the resulting formula. We have thus shown ϕ and ψ to be identical modulo reordering.

We can use Theorem 6.3.29 to show that formulae in prime implicate normal

form have minimal signatures and depths.

Theorem 6.3.30.

Let ϕ be in prime implicate normal form, and let ψ be such that ϕ ≡ ψ. Then

sig(ϕ) ⊆ sig(ψ) and δ(ϕ) ≤ δ(ψ).

Proof. Let ϕ be in prime implicate normal form, and let ψ be such that ϕ ≡ ψ. We show below in Theorem 6.4.3 that there is a formula ψ′ in prime implicate normal form such that ψ′ ≡ ψ, sig(ψ′) ⊆ sig(ψ), and δ(ψ′) ≤ δ(ψ). According to Theorem 6.3.29, ϕ and ψ′ are identical modulo reordering. In particular, this means that ϕ and ψ′ have the same signature and depth. It follows then that sig(ϕ) ⊆ sig(ψ′) ⊆ sig(ψ) and δ(ϕ) ≤ δ(ψ′) ≤ δ(ψ).

6.4 Computing Prime Implicate Normal Form

We have seen in the last section that formulae in prime implicate normal form

enjoy some nice properties, but in order to take advantage of them, we need a

method for putting formulae into prime implicate normal form.

We present in this section the algorithm Pinf which transforms a given formula into an equivalent formula in prime implicate normal form. The first step of our algorithm is to check whether the input formula is unsatisfiable or tautologous, in which case we return respectively ⊥ or ⊤. For all other formulae, we continue on to Step 2, where we use GenPI to generate the set of prime implicates of the input formula, which we then modify in Step 3 so that they satisfy all the conditions of Definition 6.2.1. We first check to see whether there are multiple ◇_i-disjuncts, in which case we group them together into a single disjunct. Next we make sure that the formulae behind the □_i-modalities are in the proper form by disjoining them with the formula behind the single ◇_i-disjunct (if there is one). We then check if each of the disjuncts in the clause is necessary, and we remove all disjuncts which are found to be redundant. After that, we consider the formulae appearing behind the modalities, and we put each of them into prime implicate normal form. Finally, in Step 4, we return the conjunction of these modified prime implicates.

Algorithm 6.3 Pinf

Input: a formula ϕ

Output: a formula in prime implicate normal form equivalent to ϕ

(1) If Sat(ϕ) = no, return ⊥. If Entails(⊤, ϕ) = yes, return ⊤.

(2) Set Σ = GenPI(ϕ).

(3) For each π in Σ:

    (i) For each 1 ≤ i ≤ n: if Diam_i(π) = {ψ_{i,1}, ..., ψ_{i,l_i}} where l_i > 1, replace π by π \ {◇_i ψ_{i,1}, ..., ◇_i ψ_{i,l_i}} ∪ {◇_i(ψ_{i,1} ∨ ... ∨ ψ_{i,l_i})}.

    (ii) For each 1 ≤ i ≤ n: if Diam_i(π) = {ε} and Box_i(π) = {ζ_{i,1}, ..., ζ_{i,m_i}}, replace π by π \ {□_i ζ_{i,1}, ..., □_i ζ_{i,m_i}} ∪ {□_i(ζ_{i,1} ∨ ε), ..., □_i(ζ_{i,m_i} ∨ ε)}.

    (iii) For each disjunct µ in π: if π ≡ π \ {µ}, replace π by π \ {µ}.

    (iv) For each ψ ∈ ⋃_{i=1}^{n} (Diam_i(π) ∪ Box_i(π)), replace ψ by Pinf(ψ).

(4) Return ⋀_{π∈Σ} π.

Example 6.4.1.

We use the algorithm Pinf to put the clauses from Example 6.2.2 into prime implicate normal form:

• Pinf(□_1 b ∨ ◇_1 c) = □_1(b ∨ c) ∨ ◇_1 c

• Pinf(◇_1(a ∧ □_2 ⊥) ∨ ◇_1(a ∧ □_2 ⊤) ∨ ¬c) = ◇_1 a ∨ ¬c, since Pinf((a ∧ □_2 ⊥) ∨ (a ∧ □_2 ⊤)) = a

• Pinf(◇(a ∧ ¬a)) = ⊥ since ◇(a ∧ ¬a) |= ⊥

• Pinf(□_1(a ∨ □_2(b ∨ ¬b))) = ⊤ since |= □_1(a ∨ □_2(b ∨ ¬b))

• Pinf(a ∨ □_1(a ∧ b) ∨ □_1(a ∧ b ∧ ¬c)) = a ∨ □_1(a ∧ b) since □_1(a ∧ b ∧ ¬c) is unnecessary

• Pinf(□_1((a ∧ b) ∨ c)) = □_1((a ∨ c) ∧ (b ∨ c)) since Pinf((a ∧ b) ∨ c) = (a ∨ c) ∧ (b ∨ c)

Example 6.4.2.

We use the algorithm Pinf to put the formulae from Example 6.2.3 into prime implicate normal form:

• Pinf((a ∨ ◇_2 c) ∧ (¬a ∨ c)) = (a ∨ ◇_2 c) ∧ (¬a ∨ c) ∧ (c ∨ ◇_2 c), since all conjuncts are in prime implicate normal form, every prime implicate is equivalent to some conjunct, and no conjunct is implied by another conjunct

• Pinf(a ∧ (a ∨ □_3 b)) = a, since a is the only prime implicate of a ∧ (a ∨ □_3 b), and a is in prime implicate normal form

• Pinf((a ∨ ¬d) ∧ □_1((a ∧ b) ∨ c)) = (a ∨ ¬d) ∧ □_1((a ∨ c) ∧ (b ∨ c)), since all conjuncts are in prime implicate normal form, every prime implicate is equivalent to some conjunct, and no conjunct is implied by another conjunct
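For depth-0 (purely propositional) input, Step 3 of Pinf only removes repeated literals, so the algorithm reduces to Steps 1, 2 and 4. The Python code below is an added example, not code from the thesis: it replaces GenPI by a brute-force truth-table enumeration of prime implicates, and the tuple encoding, the set-of-clauses output (which makes equality coincide with identity modulo reordering) and the function names are assumptions made here.

```python
from itertools import combinations, product

# Constructed encoding (not from the thesis): an atom is a str; compound
# formulae are ("not", f), ("and", f1, ..., fk) or ("or", f1, ..., fk).
# A clause is a frozenset of (atom, polarity) pairs; a normal form is a
# frozenset of clauses.
TOP = frozenset()                   # empty conjunction, i.e. ⊤
BOTTOM = frozenset({frozenset()})   # the empty clause alone, i.e. ⊥

def atoms(f):
    if isinstance(f, str):
        return {f}
    return set().union(*(atoms(g) for g in f[1:]))

def holds(f, v):
    if isinstance(f, str):
        return v[f]
    if f[0] == "not":
        return not holds(f[1], v)
    if f[0] == "and":
        return all(holds(g, v) for g in f[1:])
    if f[0] == "or":
        return any(holds(g, v) for g in f[1:])
    raise ValueError(f"unknown connective {f[0]!r}")

def models(f):
    """Return the signature of f and the valuations over it that satisfy f."""
    sig = sorted(atoms(f))
    vals = (dict(zip(sig, bits)) for bits in product([True, False], repeat=len(sig)))
    return sig, [v for v in vals if holds(f, v)]

def prime_implicates(f):
    """Stand-in for GenPI: implied clauses that no smaller implied clause subsumes."""
    sig, ms = models(f)
    found = []
    for size in range(len(sig) + 1):            # smaller clauses first
        for names in combinations(sig, size):   # one literal per atom: no tautologies
            for pols in product([True, False], repeat=size):
                clause = frozenset(zip(names, pols))
                implied = all(any(v[a] == p for a, p in clause) for v in ms)
                if implied and not any(pi <= clause for pi in found):
                    found.append(clause)
    return found

def pinf(f):
    sig, ms = models(f)
    if not ms:                                  # Step 1: unsatisfiable
        return BOTTOM
    if len(ms) == 2 ** len(sig):                # Step 1: tautologous
        return TOP
    return frozenset(prime_implicates(f))       # Steps 2 and 4

def signature(nf):
    return {a for clause in nf for a, _ in clause}

def show(nf):
    if nf == TOP:
        return "⊤"
    if nf == BOTTOM:
        return "⊥"
    clauses = sorted(" ∨ ".join(a if p else "¬" + a for a, p in sorted(c)) for c in nf)
    return " ∧ ".join(f"({c})" for c in clauses)

if __name__ == "__main__":
    print(show(pinf(("or", ("and", "a", "b"), "c"))))
```

Two equivalent inputs produce the same set of clauses, which is Theorem 6.3.29 at depth 0, and atoms that are not needed disappear from the output, as Theorem 6.3.30 requires.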

The correctness of Pinf is shown in the next theorem.

Theorem 6.4.3.

The output of Pinf is a formula in prime implicate normal form which is equivalent

to the input formula, has a signature contained in the signature of the input formula,

and has depth at most that of the input formula.

Proof. The proof is by induction on the depth of the input formula ϕ. If ϕ has

depth 0, then either ϕ |= ⊥, or |= ϕ, or ϕ is neither unsatisfiable nor tautologous.

In the first two cases, the result trivially holds. In the third case, we will continue

on to Step 2 where we set Σ equal to the output of GenPI(ϕ). Because of Theorem

4.1.4 we know that every element in Σ is a prime implicate of ϕ and that all prime

implicates of ϕ are equivalent to some element in Σ. It follows then from Theorem

3.2.9 that ϕ is equivalent to the conjunction of the elements in Σ. Moreover, we know

from Theorem 4.1.5 that the signatures of the formulae in Σ are all contained in

the signature of ϕ and that the depths of the elements in Σ are bounded above by

δ(ϕ). As ϕ is assumed to be propositional, the only modification we may make to

Σ in Step 3 is to eliminate repeated literals appearing in the prime implicates. It

follows then that the algorithm terminates and returns a formula in prime implicate

normal form which is equivalent to ϕ, has a signature contained in sig(ϕ), and has

depth at most δ(ϕ).

Suppose next that the result holds whenever the input formula has depth at most k, and let ϕ be a formula of depth k + 1. Clearly the result holds if ϕ |= ⊥ or |= ϕ. Suppose then that ϕ is neither unsatisfiable nor tautologous. In Step 2, we set Σ equal to the output of GenPI(ϕ). By Theorem 4.1.4, we know that the elements of Σ are precisely the prime implicates of ϕ, so ϕ must be equivalent to the conjunction of elements in Σ by Theorem 3.2.9. We also know from Theorem 4.1.5 that the signatures of the formulae in Σ are all contained in the signature of ϕ and that the depths of the elements in Σ cannot exceed δ(ϕ). Thus all we need to show is that the operations performed on the formulae in Σ in Step 3 are equivalence-, signature-, and depth-preserving. For (i) and (ii), this follows directly from Theorem 2.3.1, and for (iii), this is obvious. For (iv), this follows from the induction hypothesis since we apply the function Pinf to formulae with depth at most k. We have thus shown that the formula output by Pinf(ϕ) is equivalent to ϕ, has signature contained in sig(ϕ), and depth at most δ(ϕ). We now verify that Pinf(ϕ) is in prime implicate normal form. Clearly, Pinf(ϕ) is a conjunction of clauses, since the elements in Σ are originally clauses, and the modifications in Step 3 do not change this. As we have shown the operations in Step 3 to be equivalence-preserving, it follows that the conjuncts of Pinf(ϕ) are all prime implicates of C and that each prime implicate of C is equivalent to some conjunct of Pinf(ϕ). Moreover, the conjuncts all satisfy the other conditions of Definition 6.2.1. We have |Diam_i(ϕ)| ≤ 1 for every 1 ≤ i ≤ n because of part (i) of Step 3. Because of Step 3 (ii), we know that if there are disjuncts ◇_i ε and □_i ψ, then ε |= ψ. We also know that there are no redundant disjuncts since all unnecessary disjuncts were eliminated in Step 3 (iii). Finally, we can be sure that all of the formulae appearing behind the modal operators are in prime implicate normal form because of part (iv) of Step 3. We have thus shown that Pinf(ϕ) is in prime implicate normal form, completing the proof.

6.5 Spatial Complexity of Prime Implicate Normal Form

In the current section, we investigate the spatial complexity of prime implicate

normal form in order to determine how much more space is needed in the worst-case

to represent a formula in prime implicate normal form.

It is well-known that in propositional logic the transformation to prime implicate normal form can result in an exponential blowup in the size of the formula (cf. [CM78]). The blowup can never be more than singly-exponential since there are at most 3^n distinct clauses on n variables.

Theorem 6.5.1.

Every propositional formula built from n propositional variables is equivalent to a

formula in prime implicate normal form whose length is single exponential in n.

We now prove that for arbitrary formulae in K_n the transformation to prime implicate normal form involves an at most double exponential blowup in formula length.

Theorem 6.5.2.

Every formula ϕ in K_n is equivalent to a formula in prime implicate normal form whose length is at most double exponential in |ϕ|.

Proof. We assume throughout the proof that the input to Pinf is in NNF. This is without loss of generality since the transformation to NNF is linear (Theorem 2.4.2). We will use f_l(k) to denote the maximal length of the output of Pinf when the input formula has depth k and l mutually non-equivalent literal subformulae. We know from Theorem 6.5.1 that there exists some polynomial q such that every propositional formula built using at most m propositional variables is equivalent to some propositional formula in prime implicate normal form with length at most 2^{q(m)}. As the number of propositional variables appearing in a formula can never exceed the number of mutually non-equivalent literal subformulae appearing in the formula, it follows that there exists some polynomial function p such that f_l(0) ≤ 2^{p(l)}.

Now that we have obtained an upper bound on f_l(0), we try to obtain an upper bound on f_l(k + 1) in terms of f_l(k). Consider some formula ϕ with depth k + 1 and having at most l mutually non-equivalent literal subformulae. The output of Pinf(ϕ) is a conjunction of clauses, one for each prime implicate of ϕ. We know from the proof of Theorem 4.1.12 that there can be no more than l^{2^l} prime implicates of ϕ modulo equivalence. As the output of Pinf(ϕ) is in prime implicate normal form, and formulae in prime implicate normal form have one conjunct per equivalence class of prime implicates, there can be at most l^{2^l} conjuncts in the output of Pinf(ϕ).

We also know that every prime implicate of ϕ is equivalent to some clause having at most 2^l disjuncts (cf. proof of Theorem 4.1.6). We want to show that the elements in Σ at the beginning of Step 4 also have at most 2^l disjuncts each. Let us then consider some formula π which is a conjunct of Pinf(ϕ), and let π′ be a clause with at most 2^l disjuncts which is equivalent to π. We will suppose that for any pair of disjuncts □_i ζ and ◇_i θ of π′ we have θ |= ζ. This is without loss of generality since any clause can be transformed into an equivalent clause with the same number of disjuncts and satisfying this condition (cf. Theorem 2.3.1). As π is in prime implicate normal form (by correctness of Pinf, Theorem 6.4.3), it cannot have any unnecessary disjuncts, which means in particular that there can be no unsatisfiable disjuncts, nor any disjunct which implies another disjunct. Since π |= π′, we know that Prop(π) ⊆ Prop(π′). As there can be no repeated propositional disjuncts in π, the number of propositional disjuncts in π′ must be at least as great as the number of propositional disjuncts in π. Next suppose that π possesses a disjunct ◇_i ψ. We know that ◇_i ψ is satisfiable, so by Theorem 2.3.3 there must be at least one ◇_i-disjunct in π′. As we know π to have at most one ◇_i-disjunct per i, it follows that π′ has at least as many ◇-disjuncts as π. Finally, we want to show that the number of □-disjuncts of π is bounded above by the number of □-disjuncts of π′. We first remark that if π contains a disjunct □_i χ, then there must be some disjunct □_i ζ of π′ such that χ |= ζ (because of Theorem 2.3.3 and our assumptions on the structure of π′). We need to make sure however that each □_i-disjunct of π matches up with a different □_i-disjunct of π′. Let us suppose then that □_i χ_1 and □_i χ_2 are disjuncts of π which imply a single disjunct □_i ζ of π′. We thus have χ_1 |= ζ and χ_2 |= ζ. As π′ |= π, and π is in prime implicate normal form, we must have ζ |= χ_j for some disjunct □_i χ_j of π. It follows that χ_1 |= χ_j and χ_2 |= χ_j. If j = 1, then we have χ_2 |= χ_1, making the disjunct □_i χ_2 unnecessary, contradicting our assumption that π is in prime implicate normal form. For other values of j, we obtain a contradiction in a similar manner. Thus we can conclude that there can be no pair of disjuncts □_i χ_1 and □_i χ_2 which imply the same disjunct of π′. It follows then that the total number of □-disjuncts in π′ is at least as great as that of π. We have thus shown that π′ has at least as many disjuncts as π, and hence that π has no more than 2^l disjuncts.

We now want to place a bound on the size of the disjuncts appearing in the conjuncts of Pinf(ϕ). Consider some conjunct π of Pinf(ϕ), and let λ be the element of GenPI(ϕ) which was transformed into π via the modifications in Step 3 of Pinf. Besides the propositional disjuncts which have length at most 2, there are two types of disjuncts which may appear in π: formulae of the form ◇_i Pinf(ψ_1 ∨ ... ∨ ψ_r) where Diam_i(λ) = {ψ_1, ..., ψ_r}, and formulae of the form □_i Pinf(ε ∨ ψ_1 ∨ ... ∨ ψ_r) where ε ∈ Box_i(λ) and Diam_i(λ) = {ψ_1, ..., ψ_r}. Now we know from Theorem 4.1.5 that every literal subformula of one of the elements in Diam_i(λ) ∪ Box_i(λ) must also be a literal subformula of ϕ. That means that if ε ∈ Box_i(λ) and Diam_i(λ) = {ψ_1, ..., ψ_r}, then all the literal subformulae appearing in ψ_1 ∨ ... ∨ ψ_r or ε ∨ ψ_1 ∨ ... ∨ ψ_r also appear in ϕ. As we have assumed there to be at most l mutually non-equivalent literal subformulae in ϕ, it follows that there can be no more than l mutually non-equivalent literal subformulae in ψ_1 ∨ ... ∨ ψ_r or ε ∨ ψ_1 ∨ ... ∨ ψ_r. We also know that the disjuncts of λ have depth at most k + 1 (Theorem 4.1.5), which means that any formula of the form ψ_1 ∨ ... ∨ ψ_r or ε ∨ ψ_1 ∨ ... ∨ ψ_r where ε ∈ Box_i(λ) and Diam_i(λ) = {ψ_1, ..., ψ_r} must have depth no greater than k. We can thus conclude that |Pinf(ψ_1 ∨ ... ∨ ψ_r)| ≤ f_l(k) and |Pinf(ε ∨ ψ_1 ∨ ... ∨ ψ_r)| ≤ f_l(k) for ε ∈ Box_i(λ) and Diam_i(λ) = {ψ_1, ..., ψ_r}, which means that any disjunct in λ must have length at most f_l(k) + 1 (the extra 1 is for the modality).

Putting all of this together, we obtain the following relationship between f_l(k + 1) and f_l(k):

$$f_l(k+1) \le l^{2^l}\,\bigl(2^l\,(f_l(k)+1)+1\bigr)$$

Here the l^{2^l} gives the maximal number of conjuncts, 2^l gives the maximal number of disjuncts per conjunct, f_l(k) + 1 gives the maximal size of the disjuncts, and the two extra 1's in the formula are for the ∧ and ∨ symbols which connect the different conjuncts and disjuncts. Using standard techniques for solving first-order linear recurrence relations, we arrive at the following:

$$f_l(k) \in O\bigl((l^{2^l}\,2^l)^k\, f_l(0)\bigr)$$

It is not hard to see that this expression is no more than double exponential in l. Now suppose that ϕ is a formula with l mutually non-equivalent literal subformulae and depth k. We know that the size of Pinf(ϕ) is bounded above by f_l(k). As the number of literal subformulae in a formula ϕ can never exceed |ϕ|, we must have l ≤ |ϕ|. We also know that the depth of ϕ is bounded by the length of ϕ, i.e. k = δ(ϕ) ≤ |ϕ|. This means that the above expression is at most double exponential in |ϕ|, so |Pinf(ϕ)| must also be at most double-exponential in |ϕ|.

We now prove this upper bound to be optimal by showing that in some cases the

transformation to prime implicate normal form may involve a double exponential

blowup in formula size.

Theorem 6.5.3.

There exist formulae ϕ such that the smallest equivalent formula in prime implicate

normal form has length which is double exponential in the length of ϕ.

Proof. In Theorem 4.1.7 of Chapter 4, we exhibited a formula ϕ such that the

number of non-equivalent prime implicates of ϕ was double exponential in |ϕ|. Any

formula in prime implicate normal form which is equivalent to ϕ must have double-

exponentially many conjuncts, and hence a length which is double exponential

in |ϕ|.

6.6 Related Work

Normal forms have been proposed for a number of description logics. Indeed, most of the subsumption algorithms that have been introduced for subpropositional description logics involve a normalization step in which concepts are put into some type of normal form. This is the case for instance for the description logics FL0 [LB87], CLASSIC [BPS94], ALN [Mol98], and ALE [BKM99]. There has been relatively little work however on normal forms for modal logics or for more expressive description logics which support full disjunction. Two notable exceptions are the disjunctive form introduced for the mu-calculus in [JW95] and adapted to ALC in [tCCMV06] and the linkless normal form for ALC concepts recently proposed in [FO07]. Both of these normal forms give rise to corresponding normal forms for K_n formulae via the correspondence introduced in Chapter 2.

In this section, we examine some of the properties of disjunctive and linkless normal form and compare them to our own. One criterion in our evaluation will be the relative succinctness of the normal forms. We recall the formal definition of this notion:

Definition 6.6.1.

Let L_1 and L_2 be sets of K_n-formulae. We say that L_1 is at least as succinct as L_2, just in the case that there exists a polynomial function p such that for every formula ϕ ∈ L_2 there exists a formula ψ ∈ L_1 such that ϕ ≡ ψ and |ψ| ≤ p(|ϕ|).

6.6.1 Disjunctive form

Disjunctive form was first introduced in [JW95] as a normal form for mu-calculus formulae. In more recent work [tCCMV06], B. ten Cate and colleagues have used disjunctive form as a normal form for concepts in ALC. We rephrase their definition in terms of K_n formulae:

Definition 6.6.2 (Disjunctive Form).

If Ψ is a set of K_n formulae, then ∇_i Ψ stands for the formula:

$$\bigwedge_{\psi \in \Psi} \Diamond_i \psi \;\wedge\; \Box_i \Bigl(\bigvee_{\psi \in \Psi} \psi\Bigr)$$

In the limit case where Ψ = ∅, we have ∇_i Ψ = □_i ⊥. The set of K_n formulae in disjunctive form is generated by the following recursive definition:

$$\varphi ::= \top \mid \bot \mid \pi \wedge \nabla_{i_1}\Psi_1 \wedge \dots \wedge \nabla_{i_k}\Psi_k \mid \varphi \vee \varphi$$

where π is a consistent conjunction of propositional literals, i_1, ..., i_k are distinct elements of {1, 2, ..., n}, and Ψ_1, ..., Ψ_k are finite sets of formulae in disjunctive form.

Disjunctive form can be seen as a description of a formula's models. Each of the disjuncts π ∧ ∇_{i_1}Ψ_1 ∧ ... ∧ ∇_{i_k}Ψ_k represents a set of possible models in which the root of the model satisfies the partial valuation π, there is at least one i_j-successor satisfying each of the concepts in Ψ_{i_j}, and all i_j-successors satisfy at least one of the formulae in Ψ_{i_j}.

With regards to queries, satisfiability-testing of formulae in disjunctive form is easy (it is shown in [JW95] to be decidable in linear time), but tautology-testing, subsumption, and equivalence-testing cannot be carried out efficiently (unless P=NP):

Theorem 6.6.3.

Deciding whether a formula in disjunctive form is a tautology is co-NP-hard.

Proof. Any propositional formula ϕ in DNF can be transformed in linear time into an equivalent formula ϕ′ in disjunctive form by simply removing any unsatisfiable disjuncts from ϕ. This means that if we were able to test in polynomial time whether a formula in disjunctive form is a tautology, then we could do the same for propositional DNF formulae. As the DNF tautology problem is known to be co-NP-complete (cf. [GJ79]), it follows that testing whether a formula in disjunctive form is a tautology is a co-NP-hard problem.

As both entailment and equivalence-testing can be used to identify tautologies,

these tasks must also be co-NP-hard:

Corollary 6.6.4.

The entailment and equivalence problems for formulae in disjunctive form are both

co-NP-hard.

The worst-case spatial complexity of disjunctive form is better than that of prime implicate normal form: every formula is equivalent to a formula in disjunctive form which is at most single-exponentially larger [tCCMV06]. It follows that there are K_n-formulae which can be represented exponentially more compactly in disjunctive form than in prime implicate normal form.

Theorem 6.6.5.

Prime implicate normal form is not at least as succinct as disjunctive form.

Are there formulae which can be more compactly represented in prime implicate

normal form than disjunctive form? The next theorem answers this question in the

affirmative.

Lemma 6.6.6.

If ϕ is a K_n-formula in disjunctive form which is equivalent to some satisfiable and non-tautologous propositional formula ψ, then there exists a propositional DNF formula ϕ′ ≡ ϕ with |ϕ′| ≤ |ϕ|.

Proof. Let ψ be a satisfiable and non-tautologous propositional formula, and let ϕ = τ_1 ∨ ... ∨ τ_k be a K_n-formula in disjunctive form which is equivalent to ψ. Suppose furthermore that there is no shorter K_n-formula in disjunctive form equivalent to ψ. It follows that ϕ cannot have any unsatisfiable disjuncts, else we could remove some disjuncts to find a shorter but equivalent formula. Now, each disjunct τ_i of ϕ must either be of the form π or π ∧ µ, where π is a consistent conjunction of propositional literals and µ a conjunction of modal formulae. Define τ′_i to be the propositional part π of τ_i. Notice that ϕ′ = τ′_1 ∨ ... ∨ τ′_k is a propositional formula in DNF which is the same length or shorter than ϕ. To complete the proof, we must show that ϕ′ is equivalent to ϕ. The first direction (ϕ |= ϕ′) is obvious since τ_i |= τ′_i for every i. For the second direction (ϕ′ |= ϕ), let λ be some non-tautologous propositional clause implied by ψ. As ϕ ≡ ψ, it follows that each disjunct τ_i of ϕ implies λ, i.e. τ_i ∧ ¬λ |= ⊥. It follows from Theorem 2.3.3 and the fact that both τ_i ⊭ ⊥ and ⊭ λ that one of the propositional literal disjuncts of λ is a conjunct of τ_i. But that means that the same propositional literal must appear as a conjunct of τ′_i, so τ′_i |= λ. We have thus shown that ϕ′ |= ψ, and hence ϕ′ |= ϕ, completing the proof.

Theorem 6.6.7.

Disjunctive form is not at least as succinct as prime implicate normal form.

Proof. Consider the propositional formula ψ = ⋀_{i=1}^{n} (a_{i,1} ∨ a_{i,2}), and let ϕ be a K_n-formula in disjunctive form which is equivalent to ψ. By Lemma 6.6.6, we know that there must be a propositional DNF formula ϕ′ which is equivalent to ϕ (and hence to ψ) and such that |ϕ′| ≤ |ϕ|. It was shown in [DM02] that every propositional formula in DNF which is equivalent to ψ must have size exponential in n, which means that ϕ′, hence ϕ, must be exponentially larger than ψ. This is enough to show the result since ψ is clearly in prime implicate normal form.

6.6.2 Linkless normal form

In [FO07, FO08, FGO09], Furbach and Obermaier investigate how linkless normal form (cf. [MR93]) can be lifted from propositional logic to the description logic ALC. They propose in [FO07] a definition of linkless normal form for ALC concepts, and then in [FO08, FGO09], they introduce the notion of a linkless graph for representing ALC concepts and TBoxes. In this subsection, we restrict our discussion to linkless normal form, as the notion of linkless graph defines a certain graph-based data structure rather than a subset of formulae, making it less amenable to comparison with the other two normal forms.

We recall here Furbach and Obermaier's definition of linkless normal form (which we have appropriately rephrased in terms of K_n):

Definition 6.6.8 (Path).

The set of paths of a formula in NNF is defined as follows:⁵

paths(⊥) = ∅

paths(⊤) = {∅}

paths(l) = {{l}}, if l is a literal other than ⊤ or ⊥

paths(ϕ1 ∧ ϕ2) = {X ∪ Y |X ∈ paths(ϕ1), Y ∈ paths(ϕ2)}

paths(ϕ1 ∨ ϕ2) = paths(ϕ1) ∪ paths(ϕ2)

Definition 6.6.9 (Link).

A link is either a formula link or a modal link:

• A formula link of ϕ is a pair of complementary propositional literals occurring in a path of ϕ

• A modal link of ϕ is a set S = {◇iχ, □iψ1, ..., □iψk} occurring in a path of ϕ such that every path in χ ∧ ψ1 ∧ ... ∧ ψk contains a propositional or modal link, and no proper subset of S satisfies this condition.

Definition 6.6.10 (Linkless normal form).

A formula ϕ is in linkless normal form if it is in NNF, none of its paths contains a link, and for each subformula of ϕ of the form □iψ or ◇iψ the formula ψ is also in linkless normal form.

Satisfiability-testing for linkless formulae can be accomplished in polynomial

time [FO07], and it is conjectured that uniform interpolation may be tractable for

linkless formulae. However, tautology, entailment, and equivalence problems can

be shown to be intractable using the same arguments as for disjunctive form.
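Definitions 6.6.8 to 6.6.10 can be read directly as a checker. The following is an added example, not code from the thesis or from [FO07]: the tuple encoding of formulae, the function names and the sample formulae are all constructed for illustration. It enumerates paths explicitly, so it may take exponential time; only `has_path` reflects why satisfiability becomes cheap once a formula is known to be linkless (every path is then link-free, so the formula is satisfiable exactly when it has a path).

```python
# NNF formulae of K_n as nested tuples (constructed encoding, an assumption):
#   ("top",) ("bot",) ("lit", name, positive) ("and", f, g) ("or", f, g)
#   ("box", i, f) ("dia", i, f), where i is the modality index
TOP, BOT = ("top",), ("bot",)

def lit(name, positive=True):
    return ("lit", name, positive)

def And(f, g):
    return ("and", f, g)

def Or(f, g):
    return ("or", f, g)

def Box(i, f):
    return ("box", i, f)

def Dia(i, f):
    return ("dia", i, f)

def paths(f):
    """Definition 6.6.8: each path is a frozenset of propositional/modal literals."""
    tag = f[0]
    if tag == "bot":
        return set()
    if tag == "top":
        return {frozenset()}
    if tag in ("lit", "box", "dia"):
        return {frozenset([f])}
    if tag == "and":
        return {x | y for x in paths(f[1]) for y in paths(f[2])}
    if tag == "or":
        return paths(f[1]) | paths(f[2])
    raise ValueError(f"unknown node {tag!r}")

def has_link(path):
    """Definition 6.6.9: does the path contain a formula link or a modal link?"""
    # Formula link: a propositional literal together with its complement.
    for e in path:
        if e[0] == "lit" and ("lit", e[1], not e[2]) in path:
            return True
    # Modal link: some dia_i chi plus box_i formulae whose conjunction has only
    # linked paths. Adding boxes only enlarges paths, so if any subset works the
    # full set of box_i formulae in the path works too; testing it suffices.
    for e in path:
        if e[0] != "dia":
            continue
        conj = e[2]
        for b in path:
            if b[0] == "box" and b[1] == e[1]:
                conj = And(conj, b[2])
        if all(has_link(p) for p in paths(conj)):
            return True
    return False

def modal_args(f):
    """Arguments of the outermost box/dia operators of f."""
    if f[0] in ("box", "dia"):
        yield f[2]
    elif f[0] in ("and", "or"):
        yield from modal_args(f[1])
        yield from modal_args(f[2])

def is_linkless(f):
    """Definition 6.6.10, for input already in NNF."""
    if any(has_link(p) for p in paths(f)):
        return False
    return all(is_linkless(g) for g in modal_args(f))

def has_path(f):
    """Linear-time test for a path; decides satisfiability of linkless formulae."""
    tag = f[0]
    if tag == "bot":
        return False
    if tag == "and":
        return has_path(f[1]) and has_path(f[2])
    if tag == "or":
        return has_path(f[1]) or has_path(f[2])
    return True

# Constructed sample formulae.
P, NOT_P, Q, R = lit("p"), lit("p", False), lit("q"), lit("r")
F_OK = Or(And(P, Dia(1, Q)), And(NOT_P, Box(1, R)))     # linkless
F_FORMULA_LINK = And(P, Or(NOT_P, Q))                   # path {p, not p}
F_MODAL_LINK = And(Dia(1, P), Box(1, NOT_P))            # dia p with box not p
F_NO_MODAL_LINK = And(Dia(1, P), Box(1, Or(NOT_P, Q)))  # path {p, q} is link-free
F_NESTED = Box(1, And(P, NOT_P))                        # link below a box only
```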

Theorem 6.6.11.

The tautology, entailment, and equivalence problems for formulae in linkless normal

form are all co-NP-hard.

Proof. We remark that any propositional formula ϕ in DNF can be transformed in

linear time into an equivalent formula ϕ′ in linkless normal form by simply removing

any unsatisfiable disjuncts. This means we can use the same proof as for disjunctive

formulae (Theorem 6.6.3).

5. The definition of paths for the symbols ⊥ and ⊤ is not entirely clear in [FO07], so we adopt

here the definition from [FO08, FGO09].

With regard to spatial complexity, it is stated in [FO07] that the transformation to linkless normal form induces an at most single-exponential blowup in formula length. This means that linkless normal form can yield exponentially smaller representations than prime implicate normal form in some cases.

Theorem 6.6.12.

Prime implicate normal form is not at least as succinct as linkless normal form.

We do not currently know whether or not linkless normal form is at least as

succinct as prime implicate normal form (to our knowledge, the relative succinctness

of these normal forms has not yet been established in the case of propositional

logic). We can show however that linkless normal form is strictly more concise

than disjunctive form.

Theorem 6.6.13.

Linkless normal form is at least as succinct as disjunctive form, but disjunctive

form is not at least as succinct as linkless normal form.

Proof. For the first statement, we show how to transform in polynomial time formulae from disjunctive form into equivalent formulae in linkless normal form. Let ϕ be a formula in disjunctive form. First we remove all unsatisfiable disjuncts from ϕ, replacing ϕ by ⊥ if no disjuncts remain. Then for each remaining disjunct of the form π ∧ ∇i1Ψ1 ∧ ... ∧ ∇ikΨk, we apply the same procedure to the subformulae Ψ1, ..., Ψk. This procedure is clearly equivalence-preserving, and it can be executed in quadratic time since there are at most linearly many subformulae to treat, and satisfiability of disjunctive formulae is feasible in linear time. We claim that the resulting formula is in linkless normal form. For propositional formulae, this is clear since we just have a propositional DNF with satisfiable disjuncts, and such a formula must be in linkless normal form. Now suppose that the claim holds for formulae of depth at most d, and consider some formula ϕ′ of depth d + 1 which was obtained from a formula ϕ in disjunctive form via the outlined procedure. Then ϕ′ is a disjunction whose disjuncts are either ⊤ or formulae of the form π ∧ ∇i1Ψ1 ∧ ... ∧ ∇ikΨk. It is easily verified that every non-empty path of ϕ is of the form

Π ∪ {◇ij ψ | ψ ∈ Ψj for some 1 ≤ j ≤ k} ∪ {□ij (⋁_{ψ∈Ψj} ψ) | 1 ≤ j ≤ k}

where Π = {l | l is a conjunct of π}. Any such path cannot have a formula link, since π does not contain complementary literals, nor can it contain a modal link, as the formula χ ∧ (⋁_{ψ∈Ψj} ψ) (χ ∈ Ψj) must be satisfiable, otherwise ϕ′ would contain an unsatisfiable disjunct. We also know from the induction hypothesis that each formula ψ ∈ ⋃_{j=1}^{k} Ψij must be in linkless normal form. It follows that ϕ is in linkless normal form as well.

For the second statement, we use the fact that the parity function from propositional logic can be represented in polynomial space in DNNF [Dar99]. As every propositional DNNF formula is also in linkless normal form [MR03], it follows that the parity function has a polynomial-sized representation in linkless normal form. To conclude the proof, we use the fact that the parity function is known not to be polynomially representable in propositional DNF (cf. [DM02]), together with Lemma 6.6.6, which tells us that any Kn-formula in disjunctive form which is equivalent to the parity function must be equivalent to some propositional DNF formula of the same or shorter length.


7 Conclusion

Summary of our results

Research on consequence finding has predominantly focused on propositional logic and first-order logic. However, for many applications in artificial intelligence, neither of these logics is a good fit: propositional logic lacks the necessary expressivity, while first-order logic, though greatly expressive, is undecidable. In such circumstances, modal and description logics often prove a better choice. This is why in this thesis, we proposed a study of consequence finding for the modal logic Kn, a well-known modal logic with close ties to the description logic ALC.

It is not immediately clear how the key notions of consequence finding, prime

implicates and prime implicants, should be defined in Kn. This is due to the fact

that prime implicates and prime implicants are normally defined in terms of clauses

and terms, notions which are not typically used in modal logic. Instead of arbitrarily

selecting a definition of clauses and terms for Kn, we considered several possible

definitions, which we evaluated first with respect to properties of their respective

notions of clauses and terms, and then a second time with respect to the properties

of the notions of prime implicates and prime implicants that they induce.

Two of the definitions (D1 and D2) proved too inexpressive, and three of the definitions (D3a, D3b, and D5) yielded notions of prime implicates/implicants with highly undesirable behavior. Thankfully, the remaining definition (D4) proved much better-behaved. Indeed, we were able to show that the notions of prime implicates and prime implicants induced by D4 satisfy all of our desired properties. This was quite a positive result, since it was not entirely clear a priori whether such a well-behaved definition existed for Kn. Indeed, for the standard notion of prime implicates in first-order logic, many of the desirable properties of propositional prime implicates do not hold [Mar91b, Mar91a].

Having selected a suitable notion of prime implicate, we next turned our attention to the principal reasoning problem in consequence finding, which is prime implicate generation. To this end, we proposed an algorithm GenPI for generating prime implicates of Kn formulae. Like many propositional prime implicate generation algorithms, GenPI leverages the Distribution property, which relates the prime implicates of a disjunction to the prime implicates of its disjuncts. The algorithm GenPI is a fairly straightforward implementation of the Distribution property, which makes GenPI easy to understand and analyze but not especially efficient. This is why we proposed several different modifications to GenPI which can be used to render it more practicable.

An examination of the formulae output by our algorithm allowed us to place upper bounds on the size and number of prime implicates. For prime implicate size, we showed that the shortest clausal representation of a prime implicate of a formula is never more than single-exponentially larger than the formula. Concerning the number of prime implicates, we demonstrated that a formula can have no more than double-exponentially many mutually non-equivalent prime implicates. We proved these bounds optimal by exhibiting specific formulae having single-exponential-sized prime implicates or double-exponentially many prime implicates. A natural question is whether we might be able to improve these results by using some kind of approximation of prime implicates, like the weaker notions of prime implicate induced by definitions D1 and D2. Surprisingly, we showed that this is not the case: for D1 and even for the extremely inexpressive D2, our lower bounds on the size and number of prime implicates continue to hold.

We next considered the problem of prime implicate recognition, with a view

towards improving the efficiency of our generation algorithm. The fact that prime

implicates in Kn can be exponentially large might suggest that prime implicate

recognition requires exponential space. Fortunately, however, we showed that this is

not the case by exhibiting a polynomial-space algorithm TestPI for deciding prime

implicate recognition. This allowed us to prove the prime implicate recognition

task Pspace-complete, and thus of the same complexity as entailment in Kn.

The results mentioned so far concern only the standard notion of prime implicates, but in many applications, more refined variants are needed. We investigated two such variants: new prime implicates, which allow one to isolate the novel facts which can be derived upon arrival of new information, and signature-bounded prime implicates, which allow one to characterize the consequences of a formula which are built from a given signature. We showed that most results for standard prime implicates can be transferred or adapted to these variants. The main exception was the complexity of recognizing signature-bounded prime implicates, which we showed to be co-NExptime-hard (and thus most likely not feasible in polynomial space).

Once rephrased in terms of prime implicants, the preceding results can be applied to the problem of abduction in Kn: our notion of (new and signature-bounded) prime implicants can be used to define abductive explanations in Kn, and our prime implicate generation algorithm provides a means of producing all of the abductive explanations to a given abduction problem. The notion of term underlying our definition of abductive explanations is more expressive than that used in [CP95]. This means that we are able to find explanations which are overlooked by Cialdea Mayer & Pirri’s method. For instance, if we look for an explanation of the observation c given the background information □(a ∨ b) → c, we obtain □(a ∨ b), whereas their framework yields □a and □b. This is an argument in favor of our approach since generally in abduction one is looking to find the weakest conditions guaranteeing the truth of the observation given the background information. Also of interest are our results on the size and number of prime implicants, as these yield corresponding lower bounds on the size and number of abductive explanations. In particular, our results imply that the abductive explanations of Cialdea Mayer & Pirri can have exponential size and be doubly exponentially many in number in the worst case, and thus behave no better in these respects than the notion of abductive explanation induced by our preferred definition D4.

The final part of this thesis was concerned with the application of our notion of prime implicate to knowledge compilation. We began by showing that the most obvious way of defining prime implicate normal form for Kn formulae yielded a normal form with very poor computational properties. This led us to propose a more sophisticated definition of prime implicate normal form, in which additional restrictions are placed on the representation of prime implicates. We showed that entailment between formulae in our normal form can be decided in polynomial time using a simple structural comparison algorithm. We then strengthened this result by providing more general conditions on the input formulae which guarantee the correct functioning of our structural comparison algorithm. This allowed us to identify some syntactic classes of entailment queries that are tractable for formulae in prime implicate normal form. Beyond facilitating entailment queries, our normal form also simplifies the uniform interpolation transformation. Indeed, we showed this transformation to be feasible in polynomial-time for formulae in prime implicate normal form. Having established the interest of our normal form, we next considered the problem of putting formulae into prime implicate normal form. The algorithm Pinf which we proposed for this purpose induces an at most double-exponential blowup in formula size, which we showed to be optimal.

Perspectives

Alternative generation methods: The prime implicate generation algorithm we proposed in this thesis follows the distribution-based approach, so a natural question for future research would be to investigate the possibility of using a resolution-based procedure to generate prime implicates in Kn. Such an investigation could prove useful in the development of more targeted algorithms for generating new and signature-bounded prime implicates, as many existing algorithms for restricted consequence finding in propositional and first-order logic are resolution-based.

Alternative knowledge compilation methods: In this work, we showed how prime implicate normal form could be generalized to the modal logic Kn while preserving many of the nice properties of the propositional case. As prime implicate normal form is just one of several methods used to compile formulae in propositional logic (cf. [DM02], [FM08]), it would be interesting to see whether other knowledge compilation methods can be suitably lifted from propositional logic to Kn. It may also prove worthwhile to investigate the extension of approximate knowledge compilation methods (cf. e.g. [del95], [CD97]) from propositional logic to Kn, since such methods typically exhibit better spatial complexities than exact compilation methods.

Consequence finding in other modal and description logics: In this thesis, we studied consequence finding in the modal logic Kn, so an obvious direction for future work is the extension of our investigation to other modal and description logics. Particularly of interest are modal logics of knowledge and belief (e.g. S5n) and expressive description logics used for the semantic web (e.g. extensions of ALC by number restrictions, nominals, and/or inverse roles). It would also be interesting to extend our investigation of consequence finding to description logic knowledge bases, where we do not only have concept expressions in isolation, but instead axioms and assertions. Since reasoning with respect to knowledge bases is generally more complicated than with isolated concept expressions, it might prove best to start by studying description logics of lower complexity than ALC. Good choices could be the DL-Lite [CDL+07] and EL [BBL05] families of description logics, since these logics have nice computational properties yet are expressive enough for interesting applications (in conceptual data modelling and bio-medical ontologies respectively).

A Complexity Theory

Computational complexity theory (cf. [Pap94]) studies the computational resources that are required to solve different problems. Most often the problems that are considered are decision problems, that is, problems for which the answer on any given input is either yes or no. An example decision problem is that of deciding whether a natural number is prime since for every number the response is either yes or no. A decision problem can be defined formally as a pair of sets S, S′, where S is a set of instances (possible inputs) and S′ ⊆ S is the set of positive instances, i.e. those for which the answer is yes. For the prime number decision problem, S would be the set of natural numbers, and S′ the set of prime numbers.

We say that an algorithm solves a decision problem if it outputs the correct

answer on all inputs (such algorithms are termed decision procedures). Decision

problems can be assigned to different complexity classes based on the amount of

time and/or space that is required to solve them. The class P comprises all decision

problems which can be solved in polynomial time (in the size of the input) by a

deterministic Turing machine. Decision problems in P are said to be efficiently

solvable or tractable.

Another important complexity class is NP which contains all decision problems

which can be solved in polynomial time by a non-deterministic Turing machine.

The class co-NP is defined to be the set of all decision problems whose complement

belongs to NP, i.e. those decision problems which can be obtained from a decision

problem in NP by swapping yes- and no-instances.

The complexity class BH2 (or DP) is a combination of the classes NP and co-NP. Formally, we say that a decision problem D belongs to the class BH2 just in the case there exist decision problems D1 ∈ NP and D2 ∈ co-NP such that the set of positive instances of D is precisely the intersection of the positive instances of D1 and the positive instances of D2.

The class Pspace (respectively Expspace) is comprised of those problems which can be solved in polynomial (respectively single-exponential) space by a deterministic Turing machine. By allowing non-determinism, we obtain the classes NPspace and NExpspace, and by taking the complement, we get the classes co-Pspace and co-Expspace. It is well-known that Pspace = NPspace = co-Pspace and Expspace = NExpspace = co-Expspace.

We can also define in a similar manner to above the classes Exptime (those decision problems solvable in single-exponential time by a deterministic Turing machine), NExptime (those decision problems solvable in single-exponential time by a non-deterministic Turing machine), and co-NExptime (those decision problems whose complement belongs to NExptime).

The aforementioned complexity classes are known to be related in the following

manner:

P ⊆ NP ⊆ Pspace ⊆ Exptime ⊆ NExptime ⊆ Expspace

It is a longstanding open question whether P = NP or whether NP = co-NP, but it is generally believed that these classes are distinct. Likewise, it is conjectured that Exptime ≠ NExptime and NExptime ≠ co-NExptime.

A key notion of complexity theory is that of hardness. Informally speaking, a problem P is hard for C just in the case that it is at least as difficult as any problem in C. More formally, a problem P is said to be hard for a complexity class C if for every problem Q in C there exists a polynomial-time translation f which transforms every instance I of Q into an instance f(I) of P in such a way that I is a positive instance of Q just in the case that f(I) is a positive instance of P. If a problem P is both a member of a complexity class C and C-hard, then P is said to be C-complete. Satisfiability of formulae in propositional logic is NP-complete, whereas the complementary problem, namely unsatisfiability, is co-NP-complete. For Kn, both satisfiability and unsatisfiability are Pspace-complete (refer to Chapter 2.5).

Bibliography

[ACG+06] Philippe Adjiman, Philippe Chatalic, François Goasdoué, Marie-Christine Rousset, and Laurent Simon, Distributed reasoning in a peer-to-peer setting: Application to the semantic web, Journal of Artificial Intelligence Research 25 (2006), 269–314.

[BBL05] Franz Baader, Sebastian Brandt, and Carsten Lutz, Pushing the EL envelope, Proceedings of the Nineteenth International Joint Conference on Artificial Intelligence (IJCAI’05), 2005, pp. 364–369.

[BdV01] Patrick Blackburn, Martin de Rijke, and Yde Venema, Modal logic, Cambridge University Press, 2001.

[BHQ08] Meghyn Bienvenu, Andreas Herzig, and Guilin Qi, Prime implicate-based belief revision operators, Proceedings of the Eighteenth European Conference on Artificial Intelligence (ECAI’08), 2008, pp. 741–742.

[Bie07a] Meghyn Bienvenu, Consequence finding in ALC, Proceedings of the Twentieth International Workshop on Description Logics (DL’07), CEUR Workshop Proceedings, vol. 250, 2007.

[Bie07b] Meghyn Bienvenu, Prime implicates and prime implicants in modal logic, Proceedings of the Twenty-Second Conference on Artificial Intelligence (AAAI’07), 2007, pp. 397–384.

[Bie08a] Meghyn Bienvenu, Complexity of abduction in the EL family of lightweight description logics, Proceedings of the Eleventh International Conference on Principles of Knowledge Representation and Reasoning (KR’08), 2008, pp. 220–230.

[Bie08b] Meghyn Bienvenu, Prime implicate normal form for ALC concepts, Proceedings of the Twenty-Third Conference on Artificial Intelligence (AAAI’08), 2008, pp. 412–417.

[Bie08c] Meghyn Bienvenu, Prime implicate normal form for ALC concepts, Proceedings of the Twentieth International Workshop on Description Logics (DL’08), CEUR Workshop Proceedings, vol. 353, 2008.

[Bie09] Meghyn Bienvenu, Prime implicates and prime implicants: From propositional to modal logic, Accepted for publication in the Journal of Artificial Intelligence Research (2009).

[Bíl07] Marta Bílková, Uniform interpolation and propositional quantifiers in modal logics, Studia Logica 85 (2007), no. 1, 1–31.

[Bit07] Guilherme Bittencourt, Combining syntax and semantics through prime form representation, Journal of Logic and Computation 18 (2007), no. 1, 13–33.

[BKM99] Franz Baader, Ralf Küsters, and Ralf Molitor, Computing least common subsumers in description logics with existential restrictions, Proceedings of the Sixteenth International Joint Conference on Artificial Intelligence (IJCAI’99), 1999, pp. 96–103.

[BPS94] Alex Borgida and Peter Patel-Schneider, A semantics and complete algorithm for subsumption in the CLASSIC description logic, Journal of Artificial Intelligence Research 1 (1994), 277–308.

[BSVMH84] Robert K. Brayton, Alberto L. Sangiovanni-Vincentelli, Curtis T. McMullen, and Gary D. Hachtel, Logic minimization algorithms for VLSI synthesis, Kluwer, 1984.

[BT02] Sebastian Brandt and Anni-Yasmin Turhan, An approach for optimized approximation, Proceedings of the KI-2002 Workshop on Applications of Description Logics (KIDLWS’01), 2002.

[BV04] Stephen Brown and Zvonko Vranesic, Fundamentals of digital logic with VHDL design, 2nd ed., McGraw-Hill, 2004.

[Bv06] Patrick Blackburn and Johan van Benthem, Handbook of modal logic, ch. Modal Logic: A Semantic Perspective, pp. 1–84, Elsevier, 2006.

[BvW06] Patrick Blackburn, Johan van Benthem, and Frank Wolter (eds.), Handbook of modal logic, Elsevier, 2006.

[Cas96] Thierry Castell, Computation of prime implicates and prime implicants by a variant of the Davis and Putnam procedure, Proceedings of the Eighth International Conference on Tools with Artificial Intelligence (ICTAI’96), 1996, pp. 428–429.

[CD97] Marco Cadoli and Francesco M. Donini, A survey on knowledge compilation, AI Communications 10 (1997), no. 3-4, 137–150.

[CDL+07] Diego Calvanese, Giuseppe De Giacomo, Domenico Lembo, Maurizio Lenzerini, and Riccardo Rosati, Tractable reasoning and efficient query answering in description logics: The DL-Lite family, Journal of Automated Reasoning 39 (2007), no. 3, 385–429.

[Che80] Brian Chellas, Modal logic: an introduction, Cambridge University Press, 1980.

[CK90] C. C. Chang and H. Jerome Keisler, Model theory, North Holland, 1990.

[CM78] Ashok Chandra and George Markowsky, On the number of prime implicants, Discrete Mathematics 24 (1978), 7–11.

[CP95] Marta Cialdea Mayer and Fiora Pirri, Propositional abduction in modal logic, Logic Journal of the IGPL 3 (1995), no. 6, 907–919.

[Cra57] William Craig, Three uses of the Herbrand-Gentzen theorem in relating model theory and proof theory, Journal of Symbolic Logic 22 (1957), no. 3, 269–285.

[Dar99] Adnan Darwiche, Compiling knowledge into decomposable negation normal form, Proceedings of the Sixteenth International Joint Conference on Artificial Intelligence (IJCAI’99), 1999, pp. 1096–1101.

[del95] Alvaro del Val, An analysis of approximate knowledge compilation, Proceedings of the Fourteenth International Joint Conference on Artificial Intelligence (IJCAI’95), 1995, pp. 830–836.

[del99] Alvaro del Val, A new method for consequence finding and compilation in restricted languages, Proceedings of the Sixteenth National Conference on Artificial Intelligence (AAAI’99), 1999, pp. 259–264.

[dK92] Johan de Kleer, An improved incremental algorithm for generating prime implicates, Proceedings of the Tenth National Conference on Artificial Intelligence (AAAI’92), 1992, pp. 780–785.

[DLN+92] Francesco M. Donini, Maurizio Lenzerini, Daniele Nardi, Bernhard Hollunder, Werner Nutt, and Alberto Marchetti Spaccamela, The complexity of existential qualification in concept languages, Artificial Intelligence 53 (1992), 309–327.

[DM02] Adnan Darwiche and Pierre Marquis, A knowledge compilation map, Journal of Artificial Intelligence Research 17 (2002), 229–264.

[Don03] Francesco M. Donini, The description logic handbook, ch. Complexity of Reasoning, Cambridge University Press, 2003.

[DTR06] Chan Le Duc, Nhan Le Thanh, and Marie-Christine Rousset, A compact representation for least common subsumers in the description logic ALE, AI Communications 19 (2006), no. 3, 239–273.

[EF89] Patrice Enjalbert and Luis Fariñas del Cerro, Modal resolution in clausal form, Theoretical Computer Science 65 (1989), no. 1, 1–33.

[EG95] Thomas Eiter and Georg Gottlob, The complexity of logic-based abduction, Journal of the ACM 42 (1995), no. 1, 3–42.

[FGO09] Ulrich Furbach, Heiko Gunther, and Claudia Obermaier, A knowledge compilation technique for ALC TBoxes, Proceedings of the 22nd International Florida Artificial Intelligence Research Society Conference 2009 (FLAIRS’09), 2009.

[FM08] Hélène Fargier and Pierre Marquis, Extending the knowledge compilation map: Krom, horn, affine and beyond, Proceedings of the Twenty-Third Conference on Artificial Intelligence (AAAI’08), 2008, pp. 442–447.

[FO07] Ulrich Furbach and Claudia Obermaier, Knowledge compilation for description logics, Proceedings of the 3rd Workshop on Knowledge Engineering and Software Engineering (KESE), 2007.

[FO08] Ulrich Furbach and Claudia Obermaier, Precompiling ALC Tboxes and query answering, Proceedings of the Fourth Workshop on Contexts and Ontologies, 2008.

[Ghi95] Silvio Ghilardi, An algebraic theory of normal forms, Annals of Pure and Applied Logic 71 (1995), no. 3, 189–245.

[GJ79] Michael R. Garey and David S. Johnson, Computers and intractability. A guide to the theory of NP-completeness, W. H. Freeman, 1979.

[GLW06] Silvio Ghilardi, Carsten Lutz, and Frank Wolter, Did I damage my ontology? A case for conservative extensions in description logics, Proceedings of the Tenth International Conference on Principles of Knowledge Representation and Reasoning (KR’06), 2006, pp. 187–197.

[GLWZ06] Silvio Ghilardi, Carsten Lutz, Frank Wolter, and Michael Zakharyaschev, Conservative extensions in modal logic, Proceedings of Sixth International Conference on Advances in Modal Logic (AiML06), 2006, pp. 187–207.

[GS96] Fausto Giunchiglia and Roberto Sebastiani, A SAT-based decision procedure for ALC, Proceedings of the Fifth International Conference on Principles of Knowledge Representation and Reasoning (KR’96), 1996, pp. 304–314.

[GZ95] Silvio Ghilardi and Marek W. Zawadowski, Undefinability of propositional quantifiers in the modal system S4, Studia Logica 55 (1995), no. 2, 259–271.

[Hen63] Leon Henkin, An extension of the Craig-Lyndon interpolation theorem, Journal of Symbolic Logic 28 (1963), no. 3, 201–216.

[HHSS06] Ian Horrocks, Ullrich Hustadt, Ulrike Sattler, and Renate Schmidt, Handbook of modal logic, ch. Computational Modal Logic, pp. 181–248, Elsevier, 2006.

[HM08] Andreas Herzig and Jérôme Mengin, Uniform interpolation by resolution in modal logic, Proceedings of the Eleventh European Conference on Logics in Artificial Intelligence (JELIA’08), 2008, pp. 219–231.

[Ino92] Katsumi Inoue, Linear resolution in consequence finding, Artificial Intelligence 56 (1992), no. 2-3, 301–353.

[Jac92] Peter Jackson, Computing prime implicates incrementally, Proceedings of the Eleventh International Conference on Automated Deduction (CADE’92), 1992, pp. 253–267.

[JW95] David Janin and Igor Walukiewicz, Automata for the modal mu-calculus and related results, Proceedings of the Twentieth International Symposium on the Mathematical Foundations of Computer Science (MFCS’95), Lecture Notes in Computer Science, vol. 969, Springer, 1995, pp. 552–562.

[KT90] Alex Kean and George K. Tsiknis, An incremental method for generating prime implicants/implicates, Journal of Symbolic Computation 9 (1990), no. 2, 185–206.

[KWW08] Boris Konev, Dirk Walther, and Frank Wolter, The logical difference problem for description logic terminologies, Proceedings of the Fourth International Joint Conference on Automated Reasoning (IJCAR’08), 2008, pp. 259–274.

[Lad77] Richard Ladner, The computational complexity of provability in systems of modal propositional logic, SIAM Journal of Computing 6 (1977), no. 3, 467–480.

[Lak95] Gerhard Lakemeyer, A logical account of relevance, Proceedings of the Fourteenth International Joint Conference on Artificial Intelligence (IJCAI’95), 1995, pp. 853–861.

[LB87] Hector J. Levesque and Ronald Brachman, Expressiveness and tractability in knowledge representation and reasoning, Computational Intelligence 3 (1987), 78–93.

[LLM03] Jérôme Lang, Paolo Liberatore, and Pierre Marquis, Propositional independence: Formula-variable independence and forgetting, Journal of Artificial Intelligence Research 18 (2003), 391–443.

[LR94] Fangzhen Lin and Raymond Reiter, Forget it!, AAAI Fall Symposium on Relevance, 1994, pp. 154–159.

[Mar91a] P. Marquis, Contribution à l’étude des méthodes de construction d’hypothèses en intelligence artificielle, In French, Université de Nancy I, 1991.

[Mar91b] Pierre Marquis, Extending abduction from propositional to first-order logic, Proceedings of Fundamentals of Artificial Intelligence Research Workshop, 1991, pp. 141–155.

[Mar00] Pierre Marquis, Handbook on defeasible reasoning and uncertainty management systems, vol. 5, ch. Consequence Finding Algorithms, pp. 41–145, Kluwer, 2000.

[McC56] Edward McCluskey, Minimization of boolean functions, Bell System Technical Journal 35 (1956), no. 6, 1417–1444.


[Mol98] Ralf Molitor, Structural subsumption for ALN, LTCS-Report 98-03, RWTH Aachen, 1998.

[MR93] Neil V. Murray and Erik Rosenthal, Dissolution: Making paths vanish, Journal of the ACM 40 (1993), no. 3, 504–535.

[MR03] Neil V. Murray and Erik Rosenthal, Tableaux, path dissolution, and decomposable negation normal form for knowledge compilation, Proceedings of the International Conference on Analytic Tableaux and Related Methods (TABLEAUX), 2003, pp. 165–180.

[Nga93] Teow-Hin Ngair, A new algorithm for incremental prime implicate generation, Proceedings of the Thirteenth International Joint Conference on Artificial Intelligence (IJCAI’93), 1993, pp. 46–51.

[Pag06] Maurice Pagnucco, Knowledge compilation for belief change, Proceedings of the Nineteenth Australian Conference on Artificial Intelligence (AI’06), 2006, pp. 90–99.

[Pap94] Christos Papadimitriou, Computational complexity, Addison Wesley, 1994.

[Prz89] Teodor C. Przymusinski, An algorithm to compute circumscription, Artificial Intelligence 38 (1989), no. 1, 49–73.

[Qui52] Willard V. Quine, The problem of simplifying truth functions, American Mathematical Monthly 59 (1952), no. 8, 521–531.

[Qui55] Willard V. Quine, A way to simplify truth functions, American Mathematical Monthly 62 (1955), no. 9, 627–631.

[RBM97] Anavai Ramesh, George Becker, and Neil V. Murray, CNF and DNF considered harmful for computing prime implicants/implicates, Journal of Automated Reasoning 18 (1997), no. 3, 337–356.

[Sch91] Klaus Schild, A correspondence theory for terminological logics: Preliminary report, Proceedings of the Twelfth International Joint Conference on Artificial Intelligence (IJCAI’91), 1991, pp. 466–471.

[SCL69] James R. Slagle, Chin-Liang Chang, and Richard C. T. Lee, Completeness theorems for semantic resolution in consequence-finding, Proceedings of the First International Joint Conference on Artificial Intelligence (IJCAI), 1969, pp. 281–286.


[SdV01] Laurent Simon and Alvaro del Val, Efficient consequence finding, Proceedings of the Seventeenth International Joint Conference on Artificial Intelligence (IJCAI’01), 2001, pp. 359–370.

[SL96] Bart Selman and Hector J. Levesque, Support set selection for abductive and default reasoning, Artificial Intelligence 82 (1996), 259–272.

[SM73] Larry J. Stockmeyer and Albert R. Meyer, Word problems requiring exponential time: Preliminary report, Proceedings of Fifth Annual ACM Symposium on Theory of Computing (STOC’73), 1973, pp. 1–9.

[Soc91] Rolf Socher, Optimizing the clausal normal form transformation, Journal of Automated Reasoning 7 (1991), no. 3, 325–336.

[SP99] A. K. Shiny and Arun K. Pujari, An efficient algorithm to generate prime implicants, Journal of Automated Reasoning 22 (1999), no. 2, 149–170.

[SSS91] Manfred Schmidt-Schauß and Gert Smolka, Attributive concept descriptions with complements, Artificial Intelligence 48 (1991), no. 1, 1–26.

[TB07] Anni-Yasmin Turhan and Yusri Bong, Speeding up approximation with nicer concepts, Proceedings of the Twentieth International Description Logic Workshop (DL’07), 2007.

[tCCMV06] Balder ten Cate, Willem Conradie, Martin Marx, and Yde Venema, Definitorially complete description logics, Proceedings of the Tenth International Conference on Principles of Knowledge Representation and Reasoning (KR’06), AAAI Press, 2006, pp. 79–89.

[Tis67] Pierre Tison, Generalization of consensus theory and application to the minimization of boolean functions, IEEE Transactions on Computers C-16 (1967), 446–456.

[van83] Johan van Benthem, Modal logic and classical logic, Bibliopolis, 1983.

[Vis96] Albert Visser, Gödel 96, Lecture Notes in Logic, vol. 6, ch. Uniform interpolation and layered bisimulation, pp. 139–164, Springer-Verlag, 1996.

[You67] Daniel H. Younger, Recognition and parsing of context-free languages in time n³, Information and Control 10 (1967), no. 2, 189–208.


Index

Boxi(ϕ), 24

Diami(ϕ), 24

Prop(ϕ), 24

□_i^k ϕ, 23

∆(T ), 91

◇_i^k ϕ, 23

δ(ϕ), 24

≡, 27

V, 23

|ϕ|, 24

|=, 27

∇iΨ, 186

sig(ϕ), 24

Sub(ϕ), 24

⊤, 23

ϕ →o ψ, 176

ϕ ⋍o ψ, 177

f∧,∨, 34

var(ϕ), 24

⊥, 23

abductive reasoning, 17–18

ABox, 54

algorithms

Cnf , 37–38

Dnf , 33–37

Entails, 43–44

GenPI, 90–94, 105–109

LangInt, 47–52

TestLangPI, 139–140

Nnf , 32

Π-LangInt, 162–171

Pinf , 180–182

Sat, 40–43

Π-Entail, 145–162

LangInt, 48

Test◇PI, 119–123

TestPI, 123–127

bounds

on number of prime implicates, 102–105

on prime implicate size, 94–102

circuit minimization, 15

complete for a complexity class, 198

complexity class

BH2, 197

Expspace, 198

NP, 197

Pspace, 198

P, 197

co-NExptime, 198

co-NP, 197

concept, 54

conditions

on left-hand-side formulae, 153


on right-hand-side formulae, 153

consequence

global, 26

local, 26

consequence finding, 13

decision

problem, 197

procedure, 197

deduction, 13

definition of clauses and terms

D1, 64

D2, 66

D3a, 68

D3b, 71

D4, 72

D5, 73

depth of a formula, 24

disjunctive form, 186–188

Distribution, 78

Equivalence, 78

explanation, 17

extended conjunctive normal form, 152

Finiteness, 78

forgetting, see uniform interpolation

formula

□-formula, 24

◇-formula, 24

basic, 24

conjunctive, 24

disjunctive, 24

hard for a complexity class, 198

identical modulo reordering, 177

implicant, 77

Implicant-Implicate Duality, 78

implicate, 77

interpretation

for description logics, 54

graphical representation, 25

in the modal logic Kn, 25

knowledge compilation, 15–17

knowledge representation, 13

L-prime implicant, see signature-bounded prime implicate

L-interpolant, see uniform interpolant

length of a formula, 24

link, 189

linkless normal form, 188–191

logical

consequence

definition, 26

properties of, 27–31

entailment, 27

equivalence, 27

strength, 27

model, see interpretation

negation normal form, 25

NNF, see negation normal form

P1-P7, 62

path, 189

ϕ-prime implicate, see new prime implicate

prime implicant

definition, 77

new, 130

propositional logic, 14

signature-bounded, 134

prime implicate

applications of, 15–18

definition, 77

generation, 89–109


new, 129–133

propositional logic, 14

recognition, 109–128

signature-bounded, 133–140

prime implicate normal form

definition, 142

in propositional logic, 16

properties, 145–179

spatial complexity, 182–185

transformation, 179–182

reachable via reordering, 176

role, 54

satisfiable

concept, 55

formula, 26

semantics

of the modal logic Kn, 25

of ALC concepts, 56

of description logics, 54

signature, 24

size of a formula, 24

standard translation, 52

subformula, 24

subsumption, 55

succinctness, 186

syntax

of the description logic ALC, 55

of the description logic ALE, 57

of the modal logic Kn, 23

tautology, 26

TBox, 54

tractable, 197

uniform interpolant, 44

uniform interpolation, 44–52

unsatisfiable

concept, 55

formula, 26


Consequence finding in modal logic

Meghyn GARNER BIENVENU

The key notion in consequence finding is that of prime implicates, which are defined to be the logically strongest clausal consequences of a formula. Prime implicates have proven useful in artificial intelligence, especially in knowledge compilation and abductive reasoning. In this thesis, we extend the investigation of prime implicates from propositional logic to the basic multi-modal logic Kn. We begin by comparing the properties of several plausible definitions of prime implicates in Kn in order to isolate the most suitable definition. We next study the computational aspects of the selected definition. Specifically, we provide algorithms for prime implicate generation and recognition, and we study the complexity of these tasks. Finally, we show how our notion of prime implicates can be used to define a normal form for Kn with interesting knowledge compilation properties.

Keywords: modal logic, automated reasoning, consequence finding, knowledge compilation

This thesis, presented and defended in Toulouse on May 7th, 2009, was carried out under the direction of Andreas Herzig. The author received the degree of Docteur en Informatique de l'Université de Toulouse.

Université de Toulouse - Institut de Recherche en Informatique de Toulouse
118 route de Narbonne, 31062 TOULOUSE Cedex 9, France